Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-5538

Upgrade Apache MINA SSHD to 2.7.0 (fixes CVE-2021-30129), JGit to compatible version

XMLWordPrintable

    • Icon: Component Upgrade Component Upgrade
    • Resolution: Done
    • Icon: Major Major
    • 17.0.0.Final
    • None
    • Management, Security
    • None
    • Undefined

      Pick up the fix to https://nvd.nist.gov/vuln/detail/CVE-2021-30129

      I haven't carefully looked at the CVE but at a glance it doesn't sound particularly relevant to WildFly's use of MINA SSHD. But it's High Severity in general so it's good to eliminate component versions with such things.

      Unfortunately local testing shows a simple update fails because our JGit integration is not compatible. We need a JGit release with https://bugs.eclipse.org/bugs/show_bug.cgi?id=574220 fixed.

      I don't know if Elytron testing or testing of the upgrade in full WF would show other issues.

      Changes in 2.7.0: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310849&version=12349400

              ehugonne1@redhat.com Emmanuel Hugonnet
              bstansbe@redhat.com Brian Stansberry
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: