Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for CouchDB v3.3.3 #4594

Closed
benjsmi opened this issue Jan 5, 2024 · 3 comments
Closed

Support for CouchDB v3.3.3 #4594

benjsmi opened this issue Jan 5, 2024 · 3 comments
Labels
enhancement

Comments

@benjsmi
Copy link
Contributor

benjsmi commented Jan 5, 2024

Current Status

As per https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45725, CouchDB v3.3.2 has a vulnerability associated with exploiting views. Hyperledger Fabric builds are currently referring to CouchDB v3.3.2: https://github.com/hyperledger/fabric/blob/main/Makefile#L54

Expected

Expected to run CouchDB v3.3.3.

Solution

Move to CouchDB v3.3.3 in Makefile. I will provide a PR.

Please let us know if you plan to work on this.

Yes!
@benjsmi benjsmi mentioned this issue Jan 5, 2024
Merged
@benjsmi
Copy link
Contributor Author

benjsmi commented Jan 5, 2024

Proposed change here: #4595

This was referenced Jan 9, 2024
Merged
Merged
@benjsmi
Copy link
Contributor Author

benjsmi commented Jan 9, 2024

My change didn't work, but there are two backport PRs for this:

denyeart pushed a commit that referenced this issue Jan 12, 2024
@benjsmi @denyeart
Upgrade the CouchDB used to v3.3.3 as per CVE-2023-45725.
844e281 
Tracked by #4594

Signed-off-by: Ben Smith <benjsmi@us.ibm.com>
@denyeart
Copy link
Contributor

Merged into main and backported, closing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@benjsmi @denyeart