apache / celix

Apache Celix is a framework for C and C++14 to develop dynamic modular software applications using component and in-process service-oriented programming.
https://celix.apache.org/
Apache License 2.0

Update libcurl usage in master and 2.4.0 for curl security issue #667

Closed pnoltes closed 7 months ago

pnoltes commented 9 months ago

A new curl release is planned that will fix 2 security issues, and 1 of these issues is of HIGH severity (CVE-2023-38545).

Whether this has an impact on Apache Celix functionality is not yet clear, although no change in the API and ABI is expected: https://github.com/curl/curl/discussions/12026

When the curl 11 Oct release is available, the master branch should be updated to use the latest curl (conan config). The 2.4 release should also be updated for this.

For the 2.4 release my proposal is to create a support/2.4 branch which can be used as a "master" branch for the Apache Celix 2.4 future development and also where the 2.4.x tags will reside.

PengZheng commented 9 months ago

According to https://curl.se/docs/CVE-2023-38545.html, it seems that the issue might be triggered by `export http_proxy=socks5h://PROXYHOST:PROXYPORT`.

https://www.linuxtutorials.org/socks5-proxy-environment-variable-linux/

Once 8.4.0 is available on Conan-center-index, we can update our conanfile.py: https://github.com/conan-io/conan-center-index/issues/20529
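As an added example (not the Apache Celix conanfile.py and not part of this issue), a small check that the libcurl version pinned in a conanfile.py is at or above 8.4.0, the release that fixes CVE-2023-38545; it assumes a plain `self.requires("libcurl/X.Y.Z")` pin and uses a constructed sample conanfile.

```python
import re

# Version of curl that fixes CVE-2023-38545 (from the curl advisory cited above).
FIXED_VERSION = (8, 4, 0)

# Matches a plain pinned requirement such as self.requires("libcurl/8.1.2").
# Conan version ranges like "libcurl/[>=8.4.0]" are deliberately not handled here.
_REQ_RE = re.compile(r'requires\(\s*["\']libcurl/(\d+(?:\.\d+)*)["\']')


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '8.4.0' into (8, 4, 0) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.split("."))


def pinned_libcurl_versions(conanfile_text: str) -> list[str]:
    """Return every plain libcurl version pinned in a conanfile.py source."""
    return _REQ_RE.findall(conanfile_text)


def is_fixed(version: str) -> bool:
    """True if this libcurl version contains the CVE-2023-38545 fix (>= 8.4.0)."""
    return parse_version(version) >= FIXED_VERSION


def check_conanfile(conanfile_text: str) -> dict[str, bool]:
    """Map each pinned libcurl version to whether it is at or above 8.4.0."""
    return {v: is_fixed(v) for v in pinned_libcurl_versions(conanfile_text)}


# Constructed sample; this is not the real Apache Celix conanfile.py.
SAMPLE_CONANFILE = '''
class CelixConan(ConanFile):
    def requirements(self):
        self.requires("libcurl/8.1.2")
        self.requires("zlib/1.2.13")
'''

if __name__ == "__main__":
    for version, ok in check_conanfile(SAMPLE_CONANFILE).items():
        print(f"libcurl/{version}: {'fixed' if ok else 'needs update to >= 8.4.0'}")
```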