CVE-2023-4586 in netty - is quarkus already dealing with this or is there a way to easily configure quarkus to be safe #36743
Answered
by
joergsesterhenn
joergsesterhenn
asked this question in
Q&A
-
|
So there is this GHSA-57m8-f3v5-hm5m Can someone comment on whether quarkus configures netty to validate hostnames when using TLS or if there is some way to configure this through quarkus? |
Beta Was this translation helpful? Give feedback.
Answered by
joergsesterhenn
Nov 2, 2023
Replies: 1 comment
-
|
Verification of hostnames is enabled per default in quarkus: I interpret this as: CVE-2023-4586 is no issue for quarkus in default configuration. |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
joergsesterhenn
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Verification of hostnames is enabled per default in quarkus:
https://quarkus.io/guides/all-config#quarkus-rest-client-config_quarkus.rest-client.verify-host
I interpret this as: CVE-2023-4586 is no issue for quarkus in default configuration.