quartz-scheduler / quartz

Code for Quartz Scheduler
http://www.quartz-scheduler.org
Apache License 2.0
6.29k stars 1.94k forks

Is there any plan to fix the CVE-2018-8088 vulnerability and release a GA version? #1130

Closed jixiang8320216 closed 1 month ago

jixiang8320216 commented 6 months ago

Currently, we use Quartz 2.3.2. However, the SLF4J dependency in Quartz 2.3.2 has the CVE-2018-8088 vulnerability. Is there any GA version to be released?

CVE-2018-8088: org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J has been fixed in SLF4J versions 1.7.26 and later and in the 2.0.x series.

hkuhn42 commented 3 months ago

Why don't you just use the fixed version 1.7.26? It is compatible and works just fine with quartz. We currently use 2.0.9 and do not have any problems.
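A way to verify that a pinned SLF4J version actually took effect in the resolved build, as an added example that is not part of this issue thread or of the Quartz project: the script below reads `mvn dependency:tree` output and flags every `org.slf4j` artifact whose version predates the fixed ranges quoted from the CVE text above (1.7.26 and later in the 1.7 line, 1.8.0-beta2 and later, and 2.0.x). The two dependency trees embedded in it are constructed samples, not output from a real build, and the versions they list for Quartz's transitive SLF4J dependency are assumptions for illustration only.

```python
"""Flag SLF4J artifacts in `mvn dependency:tree` output that predate the CVE-2018-8088 fix.

Added example for this issue thread; the sample trees below are constructed, not real build output.
"""
import re
import sys

# One Maven tree line looks like: "[INFO] |  \- group:artifact:type[:classifier]:version:scope".
# The classifier cannot contain dots, so "1.7.7" can never be mistaken for one.
TREE_LINE = re.compile(
    r"(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):(?P<type>[\w\-]+):"
    r"(?:(?P<classifier>[\w\-]+):)?(?P<version>[\w.\-]+):(?P<scope>\w+)"
)


def version_key(version):
    """Build a sortable key for versions like '1.7.26', '1.8.0-beta2' or '2.0.9'.

    A plain release sorts after any pre-release with the same numeric part,
    and pre-releases are ordered by their label and then their number.
    """
    core, _, qualifier = version.partition("-")
    nums = tuple(int(p) if p.isdigit() else 0 for p in core.split("."))
    if not qualifier:
        return (nums, 1, "", 0)
    label, number = re.match(r"([A-Za-z]*)(\d*)", qualifier).groups()
    return (nums, 0, label.lower(), int(number or 0))


def is_fixed(version):
    """True if `version` falls in a fixed range per the CVE text quoted in the issue."""
    key = version_key(version)
    if key[0][:2] == (1, 7):
        return key >= version_key("1.7.26")   # 1.7.26 and later in the 1.7 line
    return key >= version_key("1.8.0-beta2")  # 1.8.0-beta2 and later, which includes 2.0.x


def find_vulnerable(tree_text):
    """Return (artifact, version, scope) for every org.slf4j artifact below the fixed versions."""
    hits = []
    for line in tree_text.splitlines():
        m = TREE_LINE.search(line)
        if m and m.group("group") == "org.slf4j" and not is_fixed(m.group("version")):
            hits.append((m.group("artifact"), m.group("version"), m.group("scope")))
    return hits


# Constructed sample: an application on Quartz 2.3.2 before any version override.
# The SLF4J versions here are assumed for illustration, not taken from a real build.
SAMPLE_TREE = """\
[INFO] com.example:scheduler-app:jar:1.0.0
[INFO] +- org.quartz-scheduler:quartz:jar:2.3.2:compile
[INFO] |  \\- org.slf4j:slf4j-api:jar:1.7.7:compile
[INFO] +- org.slf4j:slf4j-ext:jar:1.7.25:compile
[INFO] \\- org.slf4j:slf4j-simple:jar:2.0.9:runtime
"""

# Constructed sample: the same build after pinning the SLF4J artifacts to 1.7.26.
PINNED_TREE = """\
[INFO] com.example:scheduler-app:jar:1.0.0
[INFO] +- org.quartz-scheduler:quartz:jar:2.3.2:compile
[INFO] |  \\- org.slf4j:slf4j-api:jar:1.7.26:compile (version managed from 1.7.7)
[INFO] +- org.slf4j:slf4j-ext:jar:1.7.26:compile
[INFO] \\- org.slf4j:slf4j-simple:jar:2.0.9:runtime
"""


if __name__ == "__main__":
    # Pipe real output in with `mvn dependency:tree | python check_slf4j.py`; otherwise use the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_TREE
    for artifact, version, scope in find_vulnerable(text):
        print(f"VULNERABLE org.slf4j:{artifact}:{version} ({scope}) - below the CVE-2018-8088 fix")
```

With Maven the override itself goes into a `dependencyManagement` entry for `org.slf4j:slf4j-api` (and `slf4j-ext`, if the application uses it) at 1.7.26 or later; re-running `mvn dependency:tree` afterwards and feeding the output to this script should yield no findings, as the second sample tree shows.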

jhouserizer commented 1 month ago

2.4.0 RC already addresses it; the comment from hkuhn42 is valid for other existing versions. Final 2.4.0 should be available within a couple of weeks.