ok, Colm,
this is clearly a SSHD issue. Nothing to do with mina-core that we use.
We are safe.
On 09/10/2023 11:11, Colm O hEigeartaigh wrote:
+1.
On a side note, Grype finds a CVE in Mina when I scan the API dist
which looks like a false positive:
mina-core 2.2.3 java-archive CVE-2023-35887 Medium
https://nvd.nist.gov/vuln/detail/CVE-2023-35887
This issue affects Apache MINA: from 1.0 before 2.10. Users are
recommended to upgrade to 2.10
If it's a false positive for 2.3.0 and you wrote the description
@Emmanuel Lécharny , can you contact NIST about updating it to flag
the correct versions?
Colm.
On Mon, Oct 9, 2023 at 8:15 AM Emmanuel Lécharny <[email protected]> wrote:
Hi all,
this is a vote for the release of Apache LDAP API 2.1.5
This release is just bumping up some dependencies like MINA 2.2.3, and a
few others. It's needed for the coming release of Apache Directory Server.
The revision :
https://github.com/apache/directory-ldap-api/commit/01ac0d7e9c3099331c1cd69b3687db24a64ec1e6
The source and binary distribution packages:
https://dist.apache.org/repos/dist/dev/directory/api/2.1.5
The staging repository:
https://repository.apache.org/content/repositories/orgapachedirectory-1221/
Please cast your votes:
[ ] +1 Release Apache LDAP API 2.1.5
[ ] 0 abstain
[ ] -1 Do not release Apache LDAP API 2.1.5
Thanks !
--
*Emmanuel Lécharny* P. +33 (0)6 08 33 32 61
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
--
*Emmanuel Lécharny* P. +33 (0)6 08 33 32 61
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
