Devaspati Krishnatri created KNOX-3366:
------------------------------------------
Summary: Upgrade mina-core to 2.2.8
Key: KNOX-3366
URL: https://issues.apache.org/jira/browse/KNOX-3366
Project: Apache Knox
Issue Type: Improvement
Reporter: Devaspati Krishnatri
Helps in fixing CVEs.
[https://mina.apache.org/mina-project/news]
The MINA project is pleased to announce the MINA 2.2.8, 2.1.13 and 2.0.29
releases.
It fixed two CVE:
* CVE-2026-47065 (Critical CVE): Critical Deserialization Allow-list Bypass
via resolveProxyClass - ZDRES-232
* CVE-2026-47321: Unbounded Decompression Amplification DoS in Apache Mina
Zlib.inflate - ZDRES-231
The minor fix is related to the CumulativeProtocolDecoder which was not
properly eleasing some buffers.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
