taoensso / carmine

Redis client + message queue for Clojure
https://www.taoensso.com/carmine
Eclipse Public License 1.0
1.15k stars, 130 forks

bump nippy version to 2.15.0 #240

Closed saitouena closed 3 years ago

saitouena commented 3 years ago

Currently carmine uses nippy 2.14.0. It has a remote code execution vulnerability: https://github.com/ptaoussanis/nippy/issues/130.

I'm not sure whether carmine code can satisfy the "who is affected?" conditions https://github.com/ptaoussanis/nippy/issues/130. It might depend on the application code (how carmine store is used).

ptaoussanis commented 3 years ago

Hi @saitouena, will be addressed in an upcoming release - thanks!