Update XStream to 1.4.20 to fix CVE-2022-40151 & CVE-2022-41966 #16276

Closed
famod opened this issue Jan 5, 2023 · 2 comments · Fixed by #16384
Labels
kind/bug Categorizes a PR related to a bug

famod commented Jan 5, 2023

Description

Probably via Infinispan: https://issues.redhat.com/browse/ISPN-14437 (more info there)

Discussion

No response

Motivation

No response

Details

No response

@famod famod added kind/enhancement Categorizes a PR related to an enhancement status/triage labels Jan 5, 2023
stianst added a commit to stianst/keycloak that referenced this issue Jan 11, 2023
stianst added a commit to stianst/keycloak that referenced this issue Jan 12, 2023
@stianst stianst added this to the 20.0.3 milestone Jan 12, 2023
@stianst stianst added kind/bug Categorizes a PR related to a bug and removed kind/enhancement Categorizes a PR related to an enhancement labels Jan 12, 2023
vmuzikar pushed a commit that referenced this issue Jan 12, 2023
@ghost ghost removed the status/triage label Jan 12, 2023
stianst added a commit that referenced this issue Jan 12, 2023
famod (Author) commented Jan 12, 2023

@stianst thanks for the quick fix! Is there an approximate ETA for 2.0.3? Thanks!

stianst added a commit that referenced this issue Jan 12, 2023
nxadm (Contributor) commented Jan 13, 2023

@stianst @famod Does this mean that as long as the Infinispan port is firewalled (and not accessible to OIDC/SAML2 clients) there should be no impact? Is XStream only used to serialize cluster data?

Thx.

patrick-primesign pushed a commit to primesign/keycloak that referenced this issue Jan 16, 2023