Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [milo-dev] Eclipse-Milo security report with JFROG
  • From: "RB, Pramod Kumar" <pramodkumar.rb@xxxxxxxxxxxxxxxx>
  • Date: Tue, 10 May 2022 13:28:44 +0000
  • Accept-language: en-IN, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=thermofisher.com; dmarc=pass action=none header.from=thermofisher.com; dkim=pass header.d=thermofisher.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=K5otFYUn22Fb0r70Do+v/Q9faEdp/rgcOjwTkKZNreI=; b=J8PaSSde9ROY/f7WMkoknUL8B8pP2OOSYk0s+cr9L34vLHKRvD/3pqUEx6/fX1IkPl3hBylZAvQU8/eCzco5BYmqG/wZfxQQkZxKXFqV9pU6MX5sEEyjIA+CXddbSdRXjwz+BM8nh/24d3zT9A0p2XfjGLxA8+S2u3f0LUIIAezaTBUED6rQQn5M4QEWbGRFfPlepFJ3Lxe4jGbxzAg2nZo8X/0vzmO3tjfOq0l712VXS6EmtsVLZIB5w/tZUZyup0RI9UXkk9/2Do2hHE91hPPKAG1CRVswK7MezLw11jktx4jij45QUjqRy6mMKFYw1M80Hmc5I3pp09FXAjcyzw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Z0o527M10vzKtjSAgpOhTirhjGVMnqHFcCR/TJnTQWO0YFvrnLu4UVMXqthryUa07Uw9RwSEH5jPPlTJ0Gp+3ZxEQX/5KCfIxDuPlo4cr+X3VIcMqFbDXVmiiCCTTUIRY83wUK3dfL8EJk4jclCYqdZ7Q+qxe2/BlV+SBw2d4cBuDx3HceA5vPLTMsS6ZXshENRHD0xcTs58AQG9jptXyEPcCu1UUh5BNl6K2y/UQEE0KZHSsGHfMVWc59O3iYeJPz6OKHWdsEtj3FdjK63ZIg5MbczVIlX0GEhsXpVxA+aYASn7tHfUNyon4nzsD+HZ30v2XkHWb07elX7MY0S/lw==
  • Delivered-to: milo-dev@xxxxxxxxxxx
  • List-archive: <https://www.eclipse.org/mailman/private/milo-dev/>
  • List-help: <mailto:milo-dev-request@eclipse.org?subject=help>
  • List-subscribe: <https://www.eclipse.org/mailman/listinfo/milo-dev>, <mailto:milo-dev-request@eclipse.org?subject=subscribe>
  • List-unsubscribe: <https://www.eclipse.org/mailman/options/milo-dev>, <mailto:milo-dev-request@eclipse.org?subject=unsubscribe>
  • Thread-index: AQHYYHEc743aOApB+k29OwpOqNo2G60QJU3dgAeeOayAAFb8gIAACEG2
  • Thread-topic: Eclipse-Milo security report with JFROG

Hi Kevin,

 

Thanks for the information, we will use latest Milo version 0.6.5.

 

Regards,

Pramod

From: Kevin Herron <kevinherron@xxxxxxxxx>
Date: Tuesday, 10 May 2022 at 6:29 PM
To: RB, Pramod Kumar <pramodkumar.rb@xxxxxxxxxxxxxxxx>
Cc: milo-dev@xxxxxxxxxxx <milo-dev@xxxxxxxxxxx>, Chakraborty, Debapriyo <debapriyo.chakraborty@xxxxxxxxxxxxxxxx>, PAUL, SOURAV <sourav.paul2@xxxxxxxxxxxxxxxx>, Ganeshan, Ashwini <ashwini.ganeshan@xxxxxxxxxxxxxxxx>, S, Shyamsundar <shyamsundar.s@xxxxxxxxxxxxxxxx>
Subject: Re: Eclipse-Milo security report with JFROG

CAUTION: This email originated from outside of Thermo Fisher Scientific. If you believe it to be suspicious, report using the Report Phish button in Outlook or send to SOC@xxxxxxxxxxxxxxxx.

 

None of those affect Milo directly, but regardless Netty was upgraded to 4.1.75.Final in Milo version 0.6.5.

 

On Tue, May 10, 2022 at 12:57 AM RB, Pramod Kumar <pramodkumar.rb@xxxxxxxxxxxxxxxx> wrote:

Hello milo dev team, Kevin Herron,

 

We got few critical, high and medium security issue after performing security scan on the milo sdk, can we get support/upgrades to fix the versions as mentioned in attached security scan report.

 

Regards,

Pramod

 

From: Chakraborty, Debapriyo <debapriyo.chakraborty@xxxxxxxxxxxxxxxx>
Date: Thursday, 5 May 2022 at 4:59 PM
To: milo-dev@xxxxxxxxxxx <milo-dev@xxxxxxxxxxx>
Cc: PAUL, SOURAV <sourav.paul2@xxxxxxxxxxxxxxxx>, Ganeshan, Ashwini <ashwini.ganeshan@xxxxxxxxxxxxxxxx>, RB, Pramod Kumar <pramodkumar.rb@xxxxxxxxxxxxxxxx>, S, Shyamsundar <shyamsundar.s@xxxxxxxxxxxxxxxx>
Subject: FW: Eclipse-Milo security report with JFROG

Hi,

 

Forwarding the mail after creating the account in eclipse.org

 

 

We are using 0.6.3 version of Eclipse-milo in our project.

During the report generation with JFROG we found some critical, high and medium Security issue.

PFA for more information of the components and the version we are using.

 

Kindly suggest the solution / upgrades that we can perform from our end if possible.

If there is anything that needs to be done from your end please do the needful and keep us informed.

 

 

 

Thanks and Regards

Debapriyo Chakraborty

Email id: debapriyo.chakraborty@xxxxxxxxxxxxxxxx

Thermo Fisher Scientific

 

 

From: Chakraborty, Debapriyo <debapriyo.chakraborty@xxxxxxxxxxxxxxxx>
Date: Thursday, 5 May 2022 at 4:54 PM
To: milo-dev@xxxxxxxxxxx <milo-dev@xxxxxxxxxxx>
Cc: PAUL, SOURAV <sourav.paul2@xxxxxxxxxxxxxxxx>, RB, Pramod Kumar <pramodkumar.rb@xxxxxxxxxxxxxxxx>, S, Shyamsundar <shyamsundar.s@xxxxxxxxxxxxxxxx>, Ganeshan, Ashwini <ashwini.ganeshan@xxxxxxxxxxxxxxxx>
Subject: Eclipse-Milo security report with JFROG

Hi,

 

We are using 0.6.3 version of Eclipse-milo in our project.

During the report generation with JFROG we found some critical, high and medium Security issue.

PFA for more information of the components and the version we are using.

 

Kindly suggest the solution / upgrades that we can perform from our end if possible.

If there is anything that needs to be done from your end please do the needful and keep us informed.

 

Thanks and Regards

Debapriyo Chakraborty

Email id: debapriyo.chakraborty@xxxxxxxxxxxxxxxx

Thermo Fisher Scientific

 

Back to the top