Inform the update situation of CVE-2018-8088 (solved in slf4j 1.7.26 stable)

[Neustradamus]

Dear @qos-ch team,

All websites do not have updated of CVE-2018-8088 situation:

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8088
• https://www.google.com/search?q=CVE-2018-8088

The problem was that you did not want to create a build in 1.7.x with the fix!
It has been fixed in 1.7.26 (stable).

And 1.8.0-beta4 (not 1.8.0-beta2).

I think that today, you understand the problem of vulnerabilities / CVEs.

Thanks in advance.

[ceki]

Sorry for not updating earlier. .Version 2.0.0 has all the changes from 1.8.x. Thus, CVE-2018-8088 has been fixed both in the 2.0.0 and 1.7.x branches.

[Neustradamus]

@ceki: At this time, it is always not updated in CVE websites.

No information about 1.7.26 (stable) and 1.8.0-beta4 (unstable).

When it will be good?

[ceki]

@Neustradamus I have just asked them to update the CVE in question.

Have not heard back 24 hours later.