Fix CVE-2019-9212 #84

Merged
merged 1 commit into from
Jun 8, 2023

OrezzerO
Contributor

Fix CVE-2019-9212.

Related Issue: sofastack/sofa-bolt#328

We need to check the following things:

  1. We need to check that the inner blacklist contains these two classes. @EvenLjj @chuailiwu
  2. Is there a way to share the inner blacklist with the community? @khotyn @nobodyiam

@OrezzerO OrezzerO changed the base branch from master to 3.x May 29, 2023 05:38
Member

@nobodyiam nobodyiam left a comment

@OrezzerO

Thanks for submitting this patch. I checked the internal blacklist already contains these 2 classes.

@EvenLjj

Would you please help to confirm whether the internal blacklist could be merged to this repo?

EvenLjj commented Jun 6, 2023

> @OrezzerO
>
> Thanks for submitting this patch. I checked the internal blacklist already contains these 2 classes.
>
> @EvenLjj
>
> Would you please help to confirm whether the internal blacklist could be merged to this repo?

OK, it can be merged. This has already been fixed in version 4.x, and version 3.x also requires a fix.

Contributor Author

OrezzerO commented Jun 6, 2023

@EvenLjj The CLA check is blocking. How do I fix it?

@nobodyiam nobodyiam closed this Jun 8, 2023
@nobodyiam nobodyiam reopened this Jun 8, 2023
codecov bot commented Jun 8, 2023

Codecov Report

Merging #84 (06ba279) into 3.x (f8b6625) will decrease coverage by 0.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##              3.x      #84      +/-   ##
==========================================
- Coverage   26.12%   26.11%   -0.01%     
==========================================
  Files         158      158              
  Lines       11129    11129              
  Branches     1980     1980              
==========================================
- Hits         2907     2906       -1     
- Misses       7927     7928       +1     
  Partials      295      295              

see 1 file with indirect coverage changes

@nobodyiam
Member

@zhenjunMa Please help to take a look at the cla bot issue.

@zhenjunMa zhenjunMa closed this Jun 8, 2023
@zhenjunMa zhenjunMa reopened this Jun 8, 2023
@sofastack-cla sofastack-cla bot added the cla:yes label Jun 8, 2023
@Lo1nt Lo1nt merged commit 1d88db3 into sofastack:3.x Jun 8, 2023
@asad-awadia

@OrezzerO What is this? How does this work? The CVE is resolved in jraft without upgrading bolt/hessian?
