Support #748

Fix for CVE-2021-41556

Added by Madars 5 months ago. Updated 5 months ago.

Status:ClosedStart date:12/22/2021
Priority:Normal (Code 4)Due date:
Assignee:-% Done:

100%

Category:-
Target version:-

Description

The vulnerable has been found in Squirrel script engine, which might lead to code exploits.
Fix shall be back-ported from Squirrel script main repositories.

Mavimax customer shall have no worry about this vulnerable, because currently script engine is not used in Enduro/X productive operations. Squirelscript currently is only used for configuration file and source code generation, which is one time event, purely run by developers, not network attached, and does not take any part in UBF/XATMI/transactions processing.

For compliance reasons the fix shall be backported and put in latest Enduro/X release.

History

#1 Updated by Madars 5 months ago

Release notes

FIx has been backported in https://github.com/endurox-dev/endurox/commit/7e9870f2d46f7e17a4d97213e27e224af20037fa

Available from Enduro/X version 7.5.36+.

#2 Updated by Madars 5 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Lauris 5 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF