sofa dependency library netty introduces open-source vulnerabilities #847

Closed
jsc12138446 opened this issue Feb 26, 2024 · 3 comments · Fixed by #931
Labels
good first issue Good for newcomers

Comments

jsc12138446 commented Feb 26, 2024

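In sofa version 2.2.2, a scan found open-source vulnerabilities in the bundled third-party library netty 4.1.90.Final:
CVE-2023-34462
CVE-2023-44487
CVE-2023-4586
Vulnerability lookup reference:
https://www.cnnvd.org.cn/home/loophole

In sofa version 2.2.2, a scan found open-source vulnerabilities in the bundled third-party library logback 1.2.9:
CVE-2023-6378
Vulnerability lookup reference:
https://www.cnnvd.org.cn/home/loophole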

Collaborator

lvjing2 commented Feb 26, 2024

Could you please check the new version and see whether it still has vulnerability issues?

Author

jsc12138446 commented Feb 26, 2024

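> Could you please check the new version and see whether it still has vulnerability issues?

The latest version, 3.1.0, depends on netty 4.1.94.Final; as far as is currently known, 4.1.100.Final still has vulnerability issues.
Issue reference:
spring-projects/spring-boot#38094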

Collaborator

lvjing2 commented Feb 29, 2024

Then which version should be used? Would you be able to submit a PR?

lvjing2 added the "good first issue" (Good for newcomers) label Mar 15, 2024