Re: Developer Mailing List

2022-04-12 Thread Lokesh Bandaru 
On Mon, Apr 11, 2022 at 6:29 PM Lokesh Bandaru 
wrote:

> Hello, writing with regards the developer mailing list membership.
>
> Thanks.
>

Re: CVE-2022-22963

2022-04-12 Thread Stephen Darlington 
Ignite doesn’t ship with Spring Cloud, so no. There is a related vulnerability 
(CVE 2022-22965), which is in Spring Core. However,

> “In order to exploit the vulnerabilities, the following requirements must be 
> met:
> 
>   • JDK 9 or higher
>   • Apache Tomcat as the Servlet container
>   • Packaged as WAR
>   • spring-webmvc or spring-webflux dependency"

(https://sysdig.com/blog/cve-2022-22965-spring-core-spring4shell/ 
)

So, again, Ignite is not vulnerable. Having said that, if you perform an 
automated security scan it may flag it.

> On 31 Mar 2022, at 08:24, Vishwas Bm  wrote:
> 
> Hi All,
> 
> Is ignite impacted by this critical vulnerability?
> 
> https://securityboulevard.com/2022/03/cyrc-vulnerability-analysis-two-distinct-spring-vulnerabilities-discovered-spring4shell-and-cve-2022-22963/
> 
> 
> Regards,
> Vishwas

Re: Hello

2022-04-12 Thread Ilya Kasnacheev 
Hello!

I have added you to Contributors role, you may now assign issues to
yourself.

Please make sure to read
https://cwiki.apache.org/confluence/display/IGNITE/How+to+Contribute

Regards,
-- 
Ilya Kasnacheev


вт, 12 апр. 2022 г. в 07:48, Benjamin Mankowitz :

> Hello Ignite Community!
>
> My name is Benjamin Mankowitz. I want to contribute to Apache Ignite and
> want to start with this issue - IGNITE-16465, my JIRA username is
> bmankowitz. Any help on this will be appreciated, especially if anyone
> knows how to reproduce the bug.
>
> Thanks!
>