Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1295

Missing information about security vulnerabilities

    XMLWordPrintable

Details

    • Bug
    • Status: Open (View Workflow)
    • Major
    • Resolution: Unresolved
    • 1.4.22.Final
    • None
    • Security
    • None

    Description

      According to Mitre four CVE were recently assigned for undertow. These are CVE-2017-7559, CVE-2017-12165, CVE-2018-1047 and CVE-2018-1048. Unfortunately detailed information about the vulnerabilities and how they were addressed are not available.

      Please consider being more transparent about security vulnerabilities, e.g. by creating a dedicated web page which announces security vulnerabilities and documents how they were resolved. Adding CVE identifiers to commit messages at github.com would also be helpful to determine which commit addressed a certain CVE.

      Attachments

        Activity

          People

            sdouglas1@redhat.com Stuart Douglas
            apo2019 Markus Koschany (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated: