[ 
https://jira.qos.ch/browse/SLF4J-451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19431#comment-19431
 ] 

Nathan Jensen commented on SLF4J-451:
-------------------------------------

Thank you for fixing the CVE for the 1.7 branch.  Even though it did not apply to 
our project, it showed up in security scans and required explanations to 
managers about how it did not affect our project.  I received the email that 
1.7.26 is available but it does not appear to be on the downloads page or Maven 
Central.  Can you please update those locations to provide 1.7.26?  Thank you.

> org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 
> 1.8.0-beta2 allows remote attackers to bypass intended access restrictions 
> via crafted data.
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SLF4J-451
>                 URL: https://jira.qos.ch/browse/SLF4J-451
>             Project: SLF4J
>          Issue Type: Bug
>          Components: slf4j-ext
>    Affects Versions: 1.8.0-beta2
>         Environment: Linux 
>            Reporter: Narayan
>            Assignee: SLF4J developers list
>              Labels: logging
>
> More details are available in 
> [https://nvd.nist.gov/vuln/detail/CVE-2018-8088|https://nvd.nist.gov/vuln/detail/CVE-2018-8088#VulnChangeHistorySection]



--
This message was sent by Atlassian JIRA
(v7.3.1#73012)
_______________________________________________
slf4j-dev mailing list
slf4j-dev@qos.ch
http://mailman.qos.ch/mailman/listinfo/slf4j-dev
