2.16 - Enforce the configured TLS version #34469

Merged (1 commit) on Jul 4, 2023

cescoffier
Member

Fix https://access.redhat.com/security/cve/cve-2023-2974

The embargo has been lifted.

gsmet added this to the 2.16.8.Final milestone on Jul 3, 2023

@gsmet
Member

gsmet commented Jul 3, 2023

@cescoffier apparently, you can't use a Set in config:

2023-07-03T09:09:55.7396719Z Caused by: java.lang.RuntimeException: java.lang.RuntimeException: java.lang.IllegalArgumentException: SRCFG00013: No Converter registered for interface java.util.Set
2023-07-03T09:09:55.7397457Z 	at io.quarkus.runtime.configuration.ConfigInstantiator.handleObject(ConfigInstantiator.java:135)
2023-07-03T09:09:55.7398152Z 	at io.quarkus.runtime.configuration.ConfigInstantiator.handleObject(ConfigInstantiator.java:74)
2023-07-03T09:09:55.7399112Z 	at io.quarkus.vertx.http.devconsole.BodyHandlerBean.setup(BodyHandlerBean.java:20)
2023-07-03T09:09:55.7399703Z 	at io.quarkus.vertx.http.devconsole.BodyHandlerBean_Observer_setup_baa07743e34332319d9a52e7925a9fa5cd82e521.notify(Unknown Source)
2023-07-03T09:09:55.7400522Z 	at io.quarkus.arc.impl.EventImpl$Notifier.notifyObservers(EventImpl.java:328)
2023-07-03T09:09:55.7401191Z 	at io.quarkus.arc.impl.EventImpl$Notifier.notify(EventImpl.java:310)
2023-07-03T09:09:55.7401707Z 	at io.quarkus.arc.impl.EventImpl.fire(EventImpl.java:78)
2023-07-03T09:09:55.7402262Z 	at io.quarkus.vertx.http.runtime.VertxHttpRecorder.finalizeRouter(VertxHttpRecorder.java:363)
2023-07-03T09:09:55.7402911Z 	at io.quarkus.deployment.steps.VertxHttpProcessor$finalizeRouter1136011590.deploy_0(Unknown Source)
2023-07-03T09:09:55.7403521Z 	at io.quarkus.deployment.steps.VertxHttpProcessor$finalizeRouter1136011590.deploy(Unknown Source)
2023-07-03T09:09:55.7403914Z 	... 13 more
2023-07-03T09:09:55.7404537Z Caused by: java.lang.RuntimeException: java.lang.IllegalArgumentException: SRCFG00013: No Converter registered for interface java.util.Set
2023-07-03T09:09:55.7405447Z 	at io.quarkus.runtime.configuration.ConfigInstantiator.handleObject(ConfigInstantiator.java:135)
2023-07-03T09:09:55.7406144Z 	at io.quarkus.runtime.configuration.ConfigInstantiator.handleObject(ConfigInstantiator.java:106)
2023-07-03T09:09:55.7406582Z 	... 22 more
2023-07-03T09:09:55.7407087Z Caused by: java.lang.IllegalArgumentException: SRCFG00013: No Converter registered for interface java.util.Set
2023-07-03T09:09:55.7407662Z 	at io.smallrye.config.SmallRyeConfig.requireConverter(SmallRyeConfig.java:484)
2023-07-03T09:09:55.7408295Z 	at io.quarkus.runtime.configuration.ConfigInstantiator.getConverterFor(ConfigInstantiator.java:195)
2023-07-03T09:09:55.7409006Z 	at io.quarkus.runtime.configuration.ConfigInstantiator.handleObject(ConfigInstantiator.java:120)

@cescoffier
Member Author

Weird as the patch got applied downstream... let me check what's going on.

@cescoffier
Member Author

Ok... works locally... this is going to be fun.

@cescoffier
Member Author

Switched back to list - let's see.

cescoffier changed the title from "Enforce the configured TLS version" to "2.16 - Enforce the configured TLS version" on Jul 3, 2023

@cescoffier
Member Author

Damned ---- just saw it's for 2.16.

cescoffier force-pushed the 2.16-cve-2023-2974 branch from 4ed7758 to d5fc954 on July 3, 2023 12:19

gastaldi added the triage/waiting-for-ci (Ready to merge when CI successfully finishes) label on Jul 3, 2023

@quarkus-bot

quarkus-bot bot commented Jul 3, 2023

Failing Jobs - Building d5fc954

| Status | Name | Step | Failures |
|---|---|---|---|
| ✔️ | JVM Tests - JDK 11 | | |
| | JVM Tests - JDK 11 Windows | Build | ⚠️ Check → |
| ✔️ | JVM Tests - JDK 17 | | |
| ✔️ | JVM Tests - JDK 18 | | |
| ✔️ | Maven Tests - JDK 11 | | |
| | Maven Tests - JDK 11 Windows | Build | ⚠️ Check → |
| | Native Tests - Data6 | Build | ⚠️ Check → |
| | Native Tests - Windows - RESTEasy Jackson | Build | Failures |

Failures

⚙️ Native Tests - Windows - RESTEasy Jackson

- Failing: integration-tests/resteasy-jackson

📦 integration-tests/resteasy-jackson

Failed to execute goal io.quarkus:quarkus-maven-plugin:2.16.999-SNAPSHOT:build (default) on project quarkus-integration-test-resteasy-jackson: Failed to build quarkus application
