CVE-2022-1278
95 views
Skip to first unread message
Ming Qiu
Sep 18, 2022, 9:26:26 PM9/18/22
to WildFly
Hi WildFly Team,
We are currently on version 26.1.2.Final of WF, and there is a CVE-2022-1278 raised against a few WildFly related jars:
licenses-plugin-2.0.0.Final.jar
transformer-5.2.10.Final.jar (shaded: org.wildfly.extras.batavia:transformer-api:1.0.12.Final)
transformer-5.2.10.Final.jar
wildfly-galleon-plugins-5.2.10.Final.jar
The 26.1.2 WF doesn't seem to be appeared on the CPE list.
But, we would like to double check if 26.1.2.Final is vulnerable to CVE-2022-1278.
If so, is there a plan to address this in the 27.0.0.Final release.
Thanks in advance.
Regards,
Ming
Darran Lofthouse
Sep 20, 2022, 11:44:33 AM9/20/22
to WildFly
FYI this is the Jira issue handling this in WildFly which presently has an open PR https://issues.redhat.com/browse/WFLY-16238
Loca4368
Sep 20, 2022, 7:12:04 PM9/20/22
to Darran Lofthouse, WildFly
Hi Jason and Darran,
Thanks for the clarification and information.
Appreciated
Regards,
Ming
Darran Lofthouse <darran.l...@redhat.com> 于2022年9月21日周三 01:44写道:
--
You received this message because you are subscribed to a topic in the Google Groups "WildFly" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wildfly/FgE5asnbh0s/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wildfly+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wildfly/c91f36f5-7945-4723-9f8c-9ad53dd1feaen%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages