I will participate in the handling of security issue fixes.

Best Regards,
Jiangke Wu
Min Ji <[email protected]> wrote on Fri, 26 Jan 2024 at 16:20:

> Progress Update:
>
> 1. After the cross-version upgrade[1] of front-end components, these upgrades may be breaking changes, but no compatibility problems have been found in functions so far. The number of front-end dependent security vulnerabilities dropped from 25 in the past to 8; this is a big milestone.
>
> 2. For the backend we still have a lot of dependency upgrades to eliminate dependency vulnerabilities.
>
> [1]. https://github.com/apache/incubator-seata/pull/6301
>
> Warm regards,
>
> Ji Min
>
> Qiufeng Liu <[email protected]> wrote on Fri, 26 Jan 2024 at 09:31:
>
> > Hi,
> >
> > I fully appreciate the gravity of these issues and am eager to contribute to ensuring the integrity and security of Seata's functionalities.
> >
> > I'm encouraged by the progress made in mitigating vulnerabilities, particularly the efforts to reduce front-end vulnerabilities in the incubator-seata project and the significant improvements on the Seata official website. It's inspiring to see the dedication and hard work of contributors in making Seata safer for all users.
> >
> > I would be honored to join the fix plan and offer my expertise to help resolve these vulnerabilities. Please provide me with more information on how I can actively participate in this initiative. I am committed to supporting the community and contributing to the ongoing security enhancements of Seata.
> >
> > Looking forward to your guidance and further details on how I can get involved.
> >
> > Warm regards,
> > Qiufeng Liu
> >
> > ------------------------------------------------------------------
> > From: Min Ji <[email protected]>
> > Sent: Thursday, 25 January 2024 21:16
> > To: dev<[email protected]>
> > Cc: private<[email protected]>
> > Subject: Call for Contributors to Address Dependency Security Vulnerabilities
> >
> > Hi Seata Community,
> >
> > As you are aware, Seata is a transaction middleware designed to ensure data consistency across various resources. Its extensive extension mechanisms allow plug-in support for storage, RPC, database, and configuration registry.
> >
> > With such a broad scope of functionalities, Seata inherently relies on numerous third-party dependencies. These dependencies are often the subject of reported security vulnerabilities over time. It is in this context that I am reaching out to the community to rally our collective effort in addressing these critical security concerns.
> >
> > We need proactive participation from contributors like you to help patch these vulnerabilities, ensuring that any upgrades or replacements maintain the compatibility and integrity of Seata's features. Our commitment to dependency security is unwavering; we have successfully remediated over 200 dependency vulnerabilities to date.
> >
> > We have set up a dedicated project[1] to track and address these security vulnerabilities. I earnestly hope that you will appreciate the gravity of these security issues and join us in our endeavor to resolve them. Our primary focus at the moment is on the Seata, seata-go, and the official Seata website projects.
> >
> > Here are the recent updates on our progress:
> >
> > 1. Thanks to the monumental efforts of liuqiufeng[2] and ptyin[3], the reconstruction of the saga designer framework and a wide-scale upgrade of dependencies have reduced the number of front-end vulnerabilities in the incubator-seata project to 25. However, we still have over 50 back-end vulnerabilities that need attention.
> >
> > 2. The security vulnerabilities on the Seata official website were significantly diminished from over 50 to less than 10, through an upgrade to the docusaurus from the docsite framework. Special thanks to chai001125[4] for this achievement.
> >
> > We invite you to join our fix plan and help make Seata safer and more reliable. Your expertise and contributions are invaluable to our community, and together, we can ensure a more secure environment for all Seata users.
> >
> > To participate or for more information on how you can help, please reply to this email.
> >
> > Thank you for your dedication to the Seata community and for considering this important initiative. Let's work together to continue to safeguard our technology.
> >
> > [1]. https://github.com/apache/incubator-seata/projects/12
> > [2]. https://github.com/liuqiufeng
> > [3]. https://github.com/ptyin
> > [4]. https://github.com/chai001125
> >
> > Warm regards,
> > Ji Min
