Critical vulnerability in the latest stable release 0.13.1 #19

Open
gavinkflam opened this issue Jun 19, 2018 · 0 comments

gavinkflam commented Jun 19, 2018

Description

There is a critical (9.8) severity vulnerability in the latest stable release of wunderboss-core.

  • CVE-2017-5929 (9.8 Critical) - link
    QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
    This vulnerability affects logback-core 1.1.3, which is a transitive dependency of logback-classic 1.1.3.

Expected Behavior

I propose upgrading logback-classic to 1.2.3 and publishing a stable release as soon as possible.

Actual Behavior

The vulnerabilities are affecting the latest stable release 0.5.3.

WunderBoss version

0.13.1
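
One way to confirm whether a build resolves an affected Logback version through a transitive dependency, as the issue above describes. This is an added example, not part of the original issue or of the WunderBoss project: it assumes a Maven build and parses the text output of `mvn dependency:tree`, and the sample tree and its `com.example` coordinates are constructed.

```python
import re

FIXED = (1, 2, 0)  # the issue cites CVE-2017-5929 as affecting Logback before 1.2.0
LOGBACK_GROUP = "ch.qos.logback"

# Constructed sample of `mvn dependency:tree` output; com.example names are hypothetical.
SAMPLE_TREE = r"""
[INFO] com.example:demo-app:jar:1.0.0
[INFO] +- com.example:uses-logging:jar:0.1.0:compile
[INFO] |  +- ch.qos.logback:logback-classic:jar:1.1.3:compile
[INFO] |  |  \- ch.qos.logback:logback-core:jar:1.1.3:compile
[INFO] |  \- org.slf4j:slf4j-api:jar:1.7.7:compile
[INFO] \- ch.qos.logback:logback-access:jar:1.2.3:compile
"""

# Tree prefix is a run of 3-character cells ("|  ", "+- ", "\- ", "   ").
LINE = re.compile(r"^\[INFO\] ((?:[|+\\ ][ -] )*)(\S+)$")


def version_tuple(version):
    """Leading numeric components only; qualifiers such as -beta1 are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def find_vulnerable_logback(tree_text):
    """Return (artifact, version, path-from-root) for each Logback jar below 1.2.0."""
    findings, stack = [], []
    for raw in tree_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        depth = len(m.group(1)) // 3
        fields = m.group(2).split(":")
        if len(fields) < 4:
            continue
        group, artifact = fields[0], fields[1]
        # Coordinate layout: group:artifact:type[:classifier]:version[:scope]
        version = fields[4] if len(fields) == 6 else fields[3]
        del stack[depth:]  # drop siblings and deeper nodes from the current path
        stack.append(f"{artifact}:{version}")
        if group == LOGBACK_GROUP and version_tuple(version) < FIXED:
            findings.append((artifact, version, " > ".join(stack)))
    return findings


if __name__ == "__main__":
    for artifact, version, path in find_vulnerable_logback(SAMPLE_TREE):
        print(f"VULNERABLE {artifact} {version} via {path}")
```

The reported path shows which direct dependency pulls the affected jar in, which is the dependency to upgrade or override.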
