Hi Yuan Bao,

According to this mailing list's feedback, we need to backport that fix to
the previous version. Could you help to do that? And PMC could help you to
release them.

Best Regards!
@ Zhiyuan Ju <https://github.com/juzhiyuan>


okaybase <okayb...@apache.org> wrote on Wed, 29 Dec 2021 at 22:49:

> Support backporting the fix +1
> This will help users to quickly improve the security of the Dashboard.
>
> JunXu Chen <chenju...@apache.org> wrote on Wed, 29 Dec 2021 at 20:48:
>
> > Support backporting the fix +1
> >
> >
> > On Wed, 29 Dec 2021 at 17:30, Tsangleslie <leslie.ts...@icloud.com.invalid> wrote:
> >
> > > Agreed to backport the fix. For users using APISIX in a prod environment,
> > > it will be a long day to upgrade both APISIX and APISIX dashboard.
> > >
> > >
> > > > On 29 Dec 2021, at 5:16 PM, Zhiyuan Ju <juzhiy...@apache.org> wrote:
> > > >
> > > > I also support backporting this fix to the previous Dashboard, or providing a quick
> > > > way for users to disable those 2 Unauthorized APIs
> > > >
> > > > Baoyuan <baoyuan....@gmail.com> wrote on Wed, 29 Dec 2021 at 4:35 PM:
> > > >
> > > >> Hi Community, when APISIX Dashboard users try to fix CVE-2021-45232, they
> > > >> need to upgrade Dashboard to version 2.10.1.
> > > >>
> > > >> Due to the Dashboard version needing to correspond to APISIX, users will
> > > >> also need to consider upgrading APISIX, which may cause inconvenience to
> > > >> users.
> > > >>
> > > >> Are we considering backporting the fixed code for this vulnerability to the
> > > >> previous affected version? What do you think?
> > > >>
> > > > --
> > > > From 琚致远
> > >
> > >
> >
>
