search

jpos / jPOS

jPOS Project
http://jpos.org
GNU Affero General Public License v3.0
609 stars 461 forks source link

SSH - CVE-2022-45047 #506

Closed ar closed 1 year ago

ar commented 1 year ago

jPOS doesn't use SSH unless you start it with --ssh.

While we get this resolved, the dependencies to sshd-common-2.6.0.jar and sshd-core-2.6.0.jar can be excluded from the build.

Version 2.9.2 fixes this CVE, but requires some changes to JPosCLIShell.

ar commented 1 year ago

Worth monitoring https://issues.apache.org/jira/browse/SSHD-1091