Support backport the fix +1 This will help users to quickly improve the security of the Dashboard.
JunXu Chen <chenju...@apache.org> 于2021年12月29日周三 20:48写道: > Support backport the fix +1 > > > On Wed, 29 Dec 2021 at 17:30, Tsangleslie <leslie.ts...@icloud.com > .invalid> > wrote: > > > Agreed to backport the fix. For users using APISIX in prod environment, > > It will be a long day to upgrade both APISIX and APISIX dashboard. > > > > > > > On 29 Dec 2021, at 5:16 PM, Zhiyuan Ju <juzhiy...@apache.org> wrote: > > > > > > I also support back port this fix to previous Dashboard, or provide a > > quick > > > way for users to disable those 2 Unauthorized APIs > > > > > > Baoyuan <baoyuan....@gmail.com>于2021年12月29日 周三下午4:35写道: > > > > > >> Hi Community, when APISIX Dashboard users try to fix CVE-2021-45232, > > they > > >> need to upgrade Dashboard to version 2.10.1. > > >> > > >> Due to the Dashboard version needing to correspond to APISIX, users > will > > >> also need to consider upgrading APISIX, which may cause inconvenience > to > > >> users. > > >> > > >> Are we considering backporting the fixed code for this vulnerability > to > > the > > >> previous affected version? What do you think? > > >> > > > -- > > > 来自 琚致远 > > > > >
