4devwithgit opened a new issue, #311:
URL: https://github.com/apache/mina-sshd/issues/311

   ### Version
   
   2.7.0
   
   ### Bug description
   
   This is in regards to the security vulnerability,
   https://nvd.nist.gov/vuln/detail/CVE-2022-45047
   
   In our code implementation for **Apache sshd server 2.7.0**, we are using the KeyPairProvider interface, with the code snippet below. So, I am reviewing whether we are really vulnerable to the above security issue.
   To me it looks like Apache might still call SimpleGeneratorHostKeyProvider internally, and hence the vulnerability is there, and we need to upgrade to the latest version.
   
   ```java
   import org.apache.sshd.common.keyprovider.KeyPairProvider;
   ...
   KeyPair hostKeyPair = readKeyPair(config.getHostIdentityKey());
   if (hostKeyPair != null) {
       KeyPairProvider serverKeys = getProvider(hostKeyPair);
       sshdServer.setKeyPairProvider(serverKeys);
   }
   ```
   
   Thanks
   Dev
   
   ### Actual behavior
   
   Question
   
   ### Expected behavior
   
   security issue
   
   ### Relevant log output
   
   _No response_
   
   ### Other information
   
   _No response_


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

