[jira] [Created] (DIRMINA-1175) Question about the Correctness of the Affected Scope of Vulnerability CVE-2023-35887 on NVD
Radar wen created DIRMINA-1175: -- Summary: Question about the Correctness of the Affected Scope of Vulnerability CVE-2023-35887 on NVD Key: DIRMINA-1175 URL: https://issues.apache.org/jira/browse/DIRMINA-1175 Project: MINA Issue Type: Wish Reporter: Radar wen We see from NVD that vulnerability CVE-2023-35887 affects Apache MINA ([https://nvd.nist.gov/vuln/detail/CVE-2023-35887)] However, we looked for a lot of information, including the reference links, the Apache MINA community, but we didn't see any discussion of whether it affected Apache MINA, only that this issue affected Apache MINA SSHD. https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2 https://www.cve.org/CVERecord?id=CVE-2023-35887 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35887 https://vuldb.com/?id.233305 https://issues.apache.org/jira/browse/SSHD-1324 Then we consulted the reporter of original source of the issue: (https://github.com/apache/mina-sshd/pull/362), and the answer was: The issue affects the Apache Mina SSHD project, not the Apache Mina library. So, we would like to consult, is the NVD affected scope inaccurate? -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (DIRMINA-1170) Will Apache MINA 2.1 and Apache MINA 2.2 evolve in dual branches?
[ https://issues.apache.org/jira/browse/DIRMINA-1170?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17713341#comment-17713341 ] Radar wen commented on DIRMINA-1170: Thank you for your reply. > Will Apache MINA 2.1 and Apache MINA 2.2 evolve in dual branches? > - > > Key: DIRMINA-1170 > URL: https://issues.apache.org/jira/browse/DIRMINA-1170 > Project: MINA > Issue Type: Wish >Reporter: Radar wen >Priority: Major > > Excuse me, I would like to ask whether Apache MINA 2.1 and 2.2 will be > dual-branch evolution in the future? > In other words, if the 2.1 version has vulnerabilities in the future, will > the 2.1.x version be released to fix the vulnerabilities? Or just release > 2.2.x to fix the vulnerabilities? -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Created] (DIRMINA-1170) Will Apache MINA 2.1 and Apache MINA 2.2 evolve in dual branches?
Radar wen created DIRMINA-1170: -- Summary: Will Apache MINA 2.1 and Apache MINA 2.2 evolve in dual branches? Key: DIRMINA-1170 URL: https://issues.apache.org/jira/browse/DIRMINA-1170 Project: MINA Issue Type: Wish Reporter: Radar wen Excuse me, I would like to ask whether Apache MINA 2.1 and 2.2 will be dual-branch evolution in the future? In other words, if the 2.1 version has vulnerabilities in the future, will the 2.1.x version be released to fix the vulnerabilities? Or just release 2.2.x to fix the vulnerabilities? -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org