[D] [Bug] Broker引入的Rocksdb超危漏洞，需要升级rocketmq-rocksdb-jni，但是无法确定Release对应哪个开源工程？ [rocketmq]


GitHub user DeerplayHub created a discussion: [Bug] 
Broker引入的Rocksdb超危漏洞，需要升级rocketmq-rocksdb-jni，但是无法确定Release对应哪个开源工程？


漏洞：
zlib 输入验证错误漏洞 | CNNVD-202310-1086 | CVE-2023-45853 | 超危 | 个人开发者 | 
https://github.com/madler/zlib/pull/843

目前已发现的开源仓库：
https://github.com/aliyunmq/rocketmq-rocksdb
https://github.com/lizhimins/rocksdb

请问最终发布到Maven仓库对应哪个开源项目的哪个分支或TAG？
<img width="1447" height="742" alt="image" 
src="https://github.com/user-attachments/assets/4cd4333e-b228-44d9-98b7-3d630d366a1d";
 />


GitHub link: https://github.com/apache/rocketmq/discussions/9974

----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: [email protected]

[D] [Bug] Broker引入的Rocksdb超危漏洞，需要升级rocketmq-rocksdb-jni，但是无法确定Release对应哪个开源工程？ [rocketmq]

Reply via email to