Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is there any plan fixed CVE-2018-8088 Vulnerabilities to release a GA Version #1130

Closed
jixiang8320216 opened this issue May 9, 2024 · 2 comments
Closed

Is there any plan fixed CVE-2018-8088 Vulnerabilities to release a GA Version #1130

jixiang8320216 opened this issue May 9, 2024 · 2 comments

Comments

@jixiang8320216
Copy link

Currently, we use Quartz 2.3.2. However, the SLF4J in Quartz 2.3.2 has the CVE-2018-8088 vulnerability. Is there any GA version to be released?

CVE-2018-8088
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.
@hkuhn42
Copy link

hkuhn42 commented Aug 15, 2024

Why don't you just use the fixed version 1.7.26? It is compatible and works just fine with quartz. We currently use 2.0.9 and do not have any problems.

@jhouserizer
Copy link
Contributor

2.4.0 RC already addresses it, the comment from hkuhn42 is valid for other existing versions, final 2.4.0 should be available within a couple weeks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jhouserizer @jixiang8320216 @hkuhn42