[ovirt-users] Re: CVE-2024-1597

Le 21 févr. 2024 à 09:24, Sandro Bonazzola <sbonazzo(a)redhat.com&gt; a écrit : I'm not an expert on this topic, but according engine's pom we are using 42.2.27 which doesn't seem to be in the list of the affected version on https://github.com/advisories/GHSA-xfg6-62px-cxc2 Il giorno mer 21 feb 2024 alle ore 09:09 Fabrice Bacchella via Users <users(a)ovirt.org <mailto:users@ovirt.org>> ha scritto: > Does oVirt is exposed to CVE-2024-1597 ? > > To be exposed, the jdbc driver needs to be used with PreferQueryMode=SIMPLE. Is that the situation ? > _______________________________________________ > Users mailing list -- users(a)ovirt.org <mailto:users@ovirt.org> > To unsubscribe send an email to users-leave(a)ovirt.org <mailto:users-leave@ovirt.org> > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ > List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/MORV4QFHRUU... -- Sandro Bonazzola MANAGER, SOFTWARE ENGINEERING Red Hat In-Vehicle Operating System Red Hat EMEA <https://www.redhat.com/> <https://www.redhat.com/> Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours.