Replies: 2 comments 3 replies
-
|
@dafriz thanks for the PR. We might do a 2.3.3 release, but I cannot commit on a timeline at the moment. Please also note that QFJ is not affected by this vulnerability since it does not use the affected IoBuffer#getObject() method. |
Beta Was this translation helpful? Give feedback.
-
|
Two critical CVE's in Mina. Last mina update since June 2 MINA 2.2.8, 2.1.13, 2.0.29 released posted on June, 2 2026 It fixed two CVE: CVE-2026-47065: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232 Any chance we can adapt? Kind regards/ |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Are we open to making a new release of the 2.3.x branch?
#1203 updates Mina to a version that has resolved a coupe of critical CVEs.
Similar to the 2.3.2 release - a minor bump to save overriding mina in our own projects.
Beta Was this translation helpful? Give feedback.
All reactions