fix(security): vulnerabilities found in cactus-rust-compiler #2705

zondervancalvez

This fix will ignore AsymmetricPrivateKey (private-key)

Fixes #2042

@zondervancalvez zondervancalvez force-pushed the zondervancalvez/issue2042 branch 10 times, most recently from bc0b919 to 11540e2 Compare September 19, 2023 07:47
@zondervancalvez zondervancalvez marked this pull request as ready for review September 19, 2023 08:13
@zondervancalvez zondervancalvez force-pushed the zondervancalvez/issue2042 branch from 11540e2 to 4442a90 Compare September 25, 2023 05:29

@petermetz petermetz left a comment

@zondervancalvez

  1. The config file is in the project root. Does this mean that if the same vulnerability appears in production code, it will also be ignored there? If yes, then I'll ask to localize the configuration file to the rust-compiler image only, so that the scenario above cannot happen.
  2. Please remove the "fixes ####" declaration so that the related issue is not auto-closed.
  3. Instead of "fixes ..." just document the relation and that this is a temporary fix and that we need to do the actual fix later (the issue can be set to low priority this way)

This fix will ignore AsymmetricPrivateKey (private-key)

Fixes hyperledger-cacti#2042

Signed-off-by: zondervancalvez <[email protected]>
@zondervancalvez zondervancalvez force-pushed the zondervancalvez/issue2042 branch from 4442a90 to ae4f9e2 Compare October 20, 2023 06:32
@jagpreetsinghsasan

@zondervancalvez any updates on this?

@jagpreetsinghsasan

Not working on this as it's not a production grade image.
