[jira] [Work logged] (KNOX-3366) Upgrade mina-core to 2.2.8

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-3366?focusedWorklogId=1027544&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1027544
 ]

ASF GitHub Bot logged work on KNOX-3366:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 30/Jun/26 11:13
            Start Date: 30/Jun/26 11:13
    Worklog Time Spent: 10m 
      Work Description: devaspatikrishnatri opened a new pull request, #1285:
URL: https://github.com/apache/knox/pull/1285

   (It is very **important** that you created an Apache Knox JIRA for this 
change and that the PR title/commit message includes the Apache Knox JIRA ID!)
   
   [KNOX-3366](https://issues.apache.org/jira/browse/KNOX-3366) - Upgrade 
mina-core to 2.2.8
   
   ## What changes were proposed in this pull request?
   
   Upgrade mina-core to 2.2.8 to target CVEs.
   CVE-2026-47065: Critical Deserialization Allow-list Bypass via 
resolveProxyClass - ZDRES-232
   CVE-2026-47321: Unbounded Decompression Amplification DoS in Apache Mina 
Zlib.inflate - ZDRES-231
   https://mina.apache.org/mina-project/news
   
   ## How was this patch tested?
   Built Locally , relying on precommits.
   
   ## Integration Tests
   No additional tests added , as this is a minor change.
   
   Please review [Knox Contributing 
Process](https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-GithubWorkflow)
 before opening a pull request.
   




Issue Time Tracking
-------------------

            Worklog Id:     (was: 1027544)
    Remaining Estimate: 0h
            Time Spent: 10m

> Upgrade mina-core to 2.2.8
> --------------------------
>
>                 Key: KNOX-3366
>                 URL: https://issues.apache.org/jira/browse/KNOX-3366
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Devaspati Krishnatri
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Helps in fixing CVEs.
> [https://mina.apache.org/mina-project/news]
> The MINA project is pleased to announce the MINA 2.2.8, 2.1.13 and 2.0.29 
> releases.
> It fixed two CVE:
>  * CVE-2026-47065 (Critical CVE): Critical Deserialization Allow-list Bypass 
> via resolveProxyClass - ZDRES-232
>  * CVE-2026-47321: Unbounded Decompression Amplification DoS in Apache Mina 
> Zlib.inflate - ZDRES-231
> The minor fix is related to the CumulativeProtocolDecoder which was not 
> properly eleasing some buffers.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)