Comments (6)
cescoffier
commented on July 21, 2024
1
Ah didn't see the CVE. I need to investigate.
from quarkus.
chberger
commented on July 21, 2024
1
@chberger FYI, we are not vulnerable.
We offer two gRPC servers:
* the gRPC Java one based on Netty - Netty has an RST Flood protection * the Vert.x based gRPC server - Vert.x has an RST Flood protection
@cescoffier Thank you for looking at this in detail!
This means their is not need to upgrade the grpc.version within 3.8 stream, as Netty and Vert.x have RST Flood protection in place. It's fine for me! In that case I'll mark the vulnerability to be ignored.
from quarkus.
quarkus-bot
commented on July 21, 2024
/cc @alesj (grpc), @cescoffier (grpc)
from quarkus.
cescoffier
commented on July 21, 2024
Any reason to update 3.8? We tend to only backport bug fixes and CVE.
from quarkus.
cescoffier
commented on July 21, 2024
@chberger FYI, we are not vulnerable.
We offer two gRPC servers:
- the gRPC Java one based on Netty - Netty has an RST Flood protection
- the Vert.x based gRPC server - Vert.x has an RST Flood protection
from quarkus.
cescoffier
commented on July 21, 2024
@gsmet WDYT?
from quarkus.
Related Issues (20)
- CxfClient with ComplexTypes fails on subsequent re-runs of quarkus test. HOT 1
- Improvement in search-path handling of quarkus-liquibase and quarkus-liquibase-mongodb HOT 2
- Netty update caused failure when building image with GraalVM for JDK 17 HOT 20
- Fatal error compiling: error: release version 17 not supported HOT 4
- Kafka fails with multiple emitters(Emitter & MultinyEmitter) on the same channel HOT 4
- Qute global values should probably be lazy HOT 4
- GraalVM JS Engine does not work with version 3.8.3 HOT 15
- Property `quarkus.management.port` is ignored if passed on CLI during OpenShift deployment HOT 16
- Compilation error in WebSocketSessionContext with GraalVM SDK 22 HOT 2
- Deserialization Errors during test classloading
- Reactive Debezium Outbox extension commits database changes in new, separate transaction HOT 5
- OIDC automatic session cookie splitting is broken HOT 2
- Elasticsearch Geopoint HOT 2
- Quarkus crashes and the pod can't restart HOT 13
- 'quarkus.log.console.format' '%i' Process ID fixed at build time HOT 5
- Wrong warning message when defining the property `quarkus.rest.path` HOT 2
- websocket-next extension should be able to automatically broadcast pings HOT 10
- Include LICENSE in source jar HOT 5
- Add property to force `cache-control: no-store` on: quarkus.smallrye-health HOT 4
- Routing for index.html fails with 404 for directories HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from quarkus.