s/does affect/does not affect/ > On Feb 13, 2018, at 11:57 AM, Jeremiah D Jordan <jeremiah.jor...@gmail.com> > wrote: > > I don’t think we need to stop the vote. This CVE has been around for a while > (3/13/2017), and does affect any install I have ever seen. It affects users > who manually enable some specific logback features using the SocketServer or > ServerSocketReceiver component which are not used in our default settings (or > by any install I have ever seen). > > -Jeremiah > >> On Feb 13, 2018, at 11:48 AM, Jason Brown <jasedbr...@gmail.com> wrote: >> >> Ariel, >> >> If this is a legit CVE, then we would want to patch all the current >> versions we support - which is 2.1 and higher. >> >> Also, is this worth stopping the current open vote for this patch? (Not in >> a place to look at the patch and affects to impacted branches right now). >> >> Jason >> >> On Tue, Feb 13, 2018 at 08:43 Ariel Weisberg <ar...@weisberg.ws> wrote: >> >>> Hi, >>> >>> Seems like users could conceivably be using the vulnerable component. Also >>> seems like like we need potentially need to do this as far back as 2.1? >>> >>> Anyone else have an opinion before I commit this? What version to start >>> from? >>> >>> Ariel >>> >>> On Tue, Feb 13, 2018, at 5:59 AM, Thiago Veronezi wrote: >>>> Hi dev team, >>>> >>>> Sorry to keep bothering you. >>>> >>>> This is just a friendly reminder that I would like to contribute to this >>>> project starting with a fix for CASSANDRA-14183 >>>> <https://issues.apache.org/jira/browse/CASSANDRA-14183>. >>>> >>>> []s, >>>> Thiago. >>>> >>>> >>>> >>>> On Tue, Jan 30, 2018 at 8:05 AM, Thiago Veronezi <thi...@veronezi.org> >>>> wrote: >>>> >>>>> Hi dev team, >>>>> >>>>> Can one of you guys take a look on this jira ticket? >>>>> https://issues.apache.org/jira/browse/CASSANDRA-14183 >>>>> >>>>> It has an a patch available for a known security issue with one of the >>>>> dependencies. It has only with trivial code changes. It should be >>>>> straightforward to review it. Any feedback is very welcome. >>>>> >>>>> Thanks, >>>>> Thiago >>>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: dev-unsubscr...@cassandra.apache.org >>> For additional commands, e-mail: dev-h...@cassandra.apache.org >>> >>> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@cassandra.apache.org > For additional commands, e-mail: dev-h...@cassandra.apache.org >
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@cassandra.apache.org For additional commands, e-mail: dev-h...@cassandra.apache.org