A flaw was found under XNIO. XNIO NotifierState can cause StackOverflowException when the chain of notifier states becomes problematically big and that may lead to an uncontrolled resource management and lead to a possible Denial of Service (DoS).
> xnio 3.8.14 When will this release be available? It's not yet in Maven Central, for example.
Hi Can you provide a reference to the upstream commit fixing this issue? While there seems to be a preparation commit for the next 3.8.14.Final in https://github.com/xnio/xnio/commit/9b3ce71411688969cb455e5c1b62dce8303bd80e I could not find something related to this description. Is there an upstream (public) issue for this?
Hi @carnil, I just checked with the maintainers. Please watch this page https://issues.redhat.com/browse/WFCORE-6738 The details will be added as their are working in a backport
The work was done here: https://issues.redhat.com/browse/XNIO-423 The problem is these `next` calls: https://github.com/xnio/xnio/blob/3.8.13.Final/api/src/main/java/org/xnio/AbstractIoFuture.java#L249 Release 3.8.14 (https://issues.redhat.com/projects/XNIO/versions/12423148) does not currently have an estimated release date.
Nice info. https://tunnelrush3.com instead of my thanks.