Skip to content

fix: Add CVE-2023-46809 option to integration node #1424

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 8, 2024
Merged

fix: Add CVE-2023-46809 option to integration node #1424

merged 3 commits into from
Jul 8, 2024

Conversation

@seebees
Copy link
Contributor

@seebees seebees commented Jul 5, 2024

Adding a CVE-2023-46809 to skip
RSA_PKCS1_OAEP_PADDING test vectors.

Adding a CI target to start node
with --security-revert=CVE-2023-46809
and attempt RSA_PKCS1_OAEP_PADDING test vectors.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Check any applicable:

  • Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

@seebees
fix: Add CVE-2023-46809 option to integration node
a6a178a 
Adding a CVE-2023-46809 to skip
RSA_PKCS1_OAEP_PADDING test vectors.

Adding a CI target to start node
with --security-revert=CVE-2023-46809
and attempt RSA_PKCS1_OAEP_PADDING test vectors.
@seebees seebees requested a review from a team as a code owner July 5, 2024 19:51
texastony
texastony reviewed Jul 5, 2024
View reviewed changes
texastony
texastony previously approved these changes Jul 5, 2024
View reviewed changes
Copy link
Contributor

@texastony texastony left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

josecorella
josecorella requested changes Jul 5, 2024
View reviewed changes
Copy link
Contributor

@josecorella josecorella left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we update ci to run on latest node 18 and 20?
https://github.com/aws/aws-encryption-sdk-javascript/pull/1423/files#diff-b803fcb7f17ed9235f1e5cb1fcd2f5d3b2838429d4368ae4c57ce4436577f03fR10

josecorella
josecorella approved these changes Jul 5, 2024
View reviewed changes
Copy link
Contributor

@josecorella josecorella left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

adding 22 and latest?! Very nice 👏

@josecorella josecorella mentioned this pull request Jul 6, 2024
Closed
1 task
@seebees seebees merged commit 84a7034 into master Jul 8, 2024
@seebees seebees deleted the ryanemer/fix-ci branch July 8, 2024 19:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@josecorella josecorella josecorella approved these changes

@texastony texastony texastony left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@seebees @texastony @josecorella