Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-5538

Upgrade Apache MINA SSHD to 2.7.0 (fixes CVE-2021-30129), JGit to compatible version

XMLWordPrintable

    • Icon: Component Upgrade Component Upgrade
    • Resolution: Done
    • Icon: Major Major
    • 17.0.0.Final
    • None
    • Management, Security
    • None
    • Undefined

      Pick up the fix to https://nvd.nist.gov/vuln/detail/CVE-2021-30129

      I haven't carefully looked at the CVE but at a glance it doesn't sound particularly relevant to WildFly's use of MINA SSHD. But it's High Severity in general so it's good to eliminate component versions with such things.

      Unfortunately local testing shows a simple update fails because our JGit integration is not compatible. We need a JGit release with https://bugs.eclipse.org/bugs/show_bug.cgi?id=574220 fixed.

      I don't know if Elytron testing or testing of the upgrade in full WF would show other issues.

      Changes in 2.7.0: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310849&version=12349400

            ehugonne1@redhat.com Emmanuel Hugonnet
            bstansbe@redhat.com Brian Stansberry
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: