Red5-client is dependent on vulnerable version of mina-core #52
Comments
|
@rawler the versions will normally be found in the properties section of the current pom or in the parent pom (see red5-parent). Also the CVE linked does not affect Red5 since we do not use Mina for HTTP requests; the only way it could possibly be exploited is with a specially crafted RTMPT client, if one was so inclined. |
|
Good point R.E. not applicable to red5-client. Any good reason to not bump dependency to fixed version? (2.1.5) |
|
If there was a road map, I'd say that's on there, but in actuality I haven't taken it on yet. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Details can be seen on https://mvnrepository.com/artifact/org.red5/red5-client/1.2.12
Tried to patch it up myself, but failed to understand what controls
${mina.version}in pom.xml.The text was updated successfully, but these errors were encountered: