[
https://issues.apache.org/jira/browse/CASSANDRA-14183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16334425#comment-16334425
]
ASF GitHub Bot commented on CASSANDRA-14183:
--------------------------------------------
GitHub user tveronezi opened a pull request:
https://github.com/apache/cassandra/pull/186
[CASSANDRA-14183] Fixes serialization vulnerability
Fixes serialization vulnerability described here
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/tveronezi/cassandra CVE-2017-5929
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cassandra/pull/186.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #186
----
commit abc891fdb25b5b0e395851427bb8514c9ab666cf
Author: Thiago Veronezi <thiago@...>
Date: 2018-01-22T15:40:55Z
[CASSANDRA-14183] Fixes serialization vulnerability
----
> CVE-2017-5929 Security vulnerability
> ------------------------------------
>
> Key: CASSANDRA-14183
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14183
> Project: Cassandra
> Issue Type: Improvement
> Components: Libraries
> Reporter: Thiago Veronezi
> Priority: Major
> Fix For: 3.11.x
>
>
> Cassandra 3.11.1 is patched with logback 1.1.3, which contains the security
> vulnerability described here.
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
