CVE-2022-1278

63 views
Skip to first unread message

Ming Qiu

unread,
Sep 18, 2022, 9:26:26 PMSep 18
to WildFly
Hi WildFly Team,

We are currently on version 26.1.2.Final of WF, and there is a CVE-2022-1278 raised against a few WildFly related jars:
licenses-plugin-2.0.0.Final.jar
transformer-5.2.10.Final.jar (shaded: org.wildfly.extras.batavia:transformer-api:1.0.12.Final)
transformer-5.2.10.Final.jar
wildfly-galleon-plugins-5.2.10.Final.jar

The 26.1.2 WF doesn't seem to be appeared on the CPE list.

But, we would like to double check if 26.1.2.Final is vulnerable to CVE-2022-1278.
If so, is there a plan to address this in the 27.0.0.Final release.

Thanks in advance.

Regards,
Ming

Darran Lofthouse

unread,
Sep 20, 2022, 11:44:33 AMSep 20
to WildFly
FYI this is the Jira issue handling this in WildFly which presently has an open PR https://issues.redhat.com/browse/WFLY-16238

Loca4368

unread,
Sep 20, 2022, 7:12:04 PMSep 20
to Darran Lofthouse, WildFly
Hi Jason and Darran,

Thanks for the clarification and information.

Appreciated

Regards,
Ming

Darran Lofthouse <darran.l...@redhat.com> 于2022年9月21日周三 01:44写道:
--
You received this message because you are subscribed to a topic in the Google Groups "WildFly" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wildfly/FgE5asnbh0s/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wildfly+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wildfly/c91f36f5-7945-4723-9f8c-9ad53dd1feaen%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages