Thanks to visit codestin.com
Credit goes to github.com

Skip to content

CVE-2023-44487 Denial of Service (DoS) vulnerability in io.netty#24114

Merged
vmuzikar merged 1 commit intokeycloak:release/22.0from
abstractj:issue-23949-backport
Oct 20, 2023
Merged

CVE-2023-44487 Denial of Service (DoS) vulnerability in io.netty#24114
vmuzikar merged 1 commit intokeycloak:release/22.0from
abstractj:issue-23949-backport

Conversation

@abstractj
Copy link
Contributor

@abstractj abstractj commented Oct 18, 2023

Closes #23949

@abstractj abstractj requested a review from a team October 18, 2023 18:37
@abstractj abstractj requested a review from a team as a code owner October 18, 2023 18:37
@ghost ghost added the team/cloud-native label Oct 18, 2023
@abstractj abstractj marked this pull request as draft October 18, 2023 19:32
@abstractj abstractj marked this pull request as ready for review October 19, 2023 17:46
@abstractj abstractj added the kind/cve Issues identified as CVEs on third-party dependencies, or issues which Keycloak is not affected label Oct 19, 2023
@abstractj abstractj force-pushed the issue-23949-backport branch from 112adf8 to aaab9dc Compare October 19, 2023 18:15
@ghost ghost added the flaky-test label Oct 19, 2023
This was referenced Oct 19, 2023
Closed
Closed
ghost
ghost reviewed Oct 19, 2023
View reviewed changes
Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unreported flaky test detected, please review

@ghost
Copy link

ghost commented Oct 19, 2023

Unreported flaky test detected

If the below flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.forms.ReAuthenticationTest#identityFirstFormReauthentication

Keycloak CI - Forms IT (chrome)

java.lang.IllegalArgumentException: No enum constant org.keycloak.testsuite.pages.AppPage.RequestType.
	at java.base/java.lang.Enum.valueOf(Enum.java:273)
	at org.keycloak.testsuite.pages.AppPage$RequestType.valueOf(AppPage.java:56)
	at org.keycloak.testsuite.pages.AppPage.getRequestType(AppPage.java:49)
	at jdk.internal.reflect.GeneratedMethodAccessor552.invoke(Unknown Source)
...

Report flaky test

org.keycloak.testsuite.forms.ReAuthenticationTest#usernamePasswordFormReauthenticationWithResetFlow

Keycloak CI - Forms IT (chrome)

org.openqa.selenium.NoSuchElementException: 
no such element: Unable to locate element: {"method":"css selector","selector":"#password"}
  (Session info: headless chrome=118.0.5993.70)
For documentation on this error, please visit: http://seleniumhq.org/exceptions/no_such_element.html
Build info: version: '3.14.0', revision: 'aacccce0', time: '2018-08-02T20:19:58.91Z'
...

Report flaky test

@vmuzikar vmuzikar linked an issue Oct 20, 2023 that may be closed by this pull request
CVE-2023-44487 - Denial of Service (DoS) vulnerability in io.netty:netty-codec-http2 #23949
Closed
2 tasks
@vmuzikar vmuzikar merged commit 15467b8 into keycloak:release/22.0 Oct 20, 2023
@cypress
Copy link

cypress bot commented Oct 20, 2023

Passing run #9518 ↗︎

0 527 48 0 Flakiness 0

Details:

CVE-2023-44487 Denial of Service (DoS) vulnerability in io.netty (#24114)
Project: Keycloak Admin UI Commit: 15467b88f1
Status: Passed Duration: 18:20 💡
Started: Oct 20, 2023 7:26 AM Ended: Oct 20, 2023 7:45 AM

Review all test suite changes for PR #24114 ↗︎

@stianst stianst mentioned this pull request Nov 14, 2023
Closed
@stianst stianst mentioned this pull request May 6, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ahus1 ahus1 ahus1 approved these changes

@vmuzikar vmuzikar vmuzikar approved these changes

+1 more reviewer
Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

flaky-test kind/cve Issues identified as CVEs on third-party dependencies, or issues which Keycloak is not affected team/cloud-native

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CVE-2023-44487 - Denial of Service (DoS) vulnerability in io.netty:netty-codec-http2

3 participants

@abstractj @ahus1 @vmuzikar