Support #748
Fix for CVE-2021-41556
| Status: | Closed | Start date: | 12/22/2021 | |
|---|---|---|---|---|
| Priority: | Normal (Code 4) | Due date: | ||
| Assignee: | - | % Done: | 100% | |
| Category: | - | |||
| Target version: | - |
Description
The vulnerable has been found in Squirrel script engine, which might lead to code exploits.
Fix shall be back-ported from Squirrel script main repositories.
Mavimax customer shall have no worry about this vulnerable, because currently script engine is not used in Enduro/X productive operations. Squirelscript currently is only used for configuration file and source code generation, which is one time event, purely run by developers, not network attached, and does not take any part in UBF/XATMI/transactions processing.
For compliance reasons the fix shall be backported and put in latest Enduro/X release.
History
#1 Updated by Madars over 2 years ago
Release notes¶
FIx has been backported in https://github.com/endurox-dev/endurox/commit/7e9870f2d46f7e17a4d97213e27e224af20037fa
Available from Enduro/X version 7.5.36+.
#2 Updated by Madars over 2 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
#3 Updated by Lauris over 2 years ago
- Status changed from Resolved to Closed