A flaw was found in XNIO. The XNIO NotifierState can cause a StackOverflowException when the chain of notifier states becomes problematically big, which may lead to uncontrolled resource management and a possible Denial of Service (DoS).
> xnio 3.8.14

When will this release be available? It's not yet in Maven Central, for example.
Hi, can you provide a reference to the upstream commit fixing this issue? While there seems to be a preparation commit for the next 3.8.14.Final in https://github.com/xnio/xnio/commit/9b3ce71411688969cb455e5c1b62dce8303bd80e I could not find something related to this description. Is there an upstream (public) issue for this?
Hi @carnil, I just checked with the maintainers. Please watch this page: https://issues.redhat.com/browse/WFCORE-6738. The details will be added as they are working on a backport.
The work was done here: https://issues.redhat.com/browse/XNIO-423 The problem is these `next` calls: https://github.com/xnio/xnio/blob/3.8.13.Final/api/src/main/java/org/xnio/AbstractIoFuture.java#L249 Release 3.8.14 (https://issues.redhat.com/projects/XNIO/versions/12423148) does not currently have an estimated release date.
This issue has been addressed in the following products: Red Hat build of Apache Camel 4.4.0 for Spring Boot Via RHSA-2024:2707 https://access.redhat.com/errata/RHSA-2024:2707
I would be interested in Release 3.8.14 (https://issues.redhat.com/projects/XNIO/versions/12423148) https://bobtherobber.io Hope there will be a new update soon
(In reply to jaydenz from comment #14)
> I would be interested in Release 3.8.14
> (https://issues.redhat.com/projects/XNIO/versions/12423148)
> https://bobtherobber.io
> Hope there will be a new update soon

It was released months ago: https://repo1.maven.org/maven2/org/jboss/xnio/xnio-all/3.8.14.Final/
(In reply to James Howe from comment #8)
> The work was done here: https://issues.redhat.com/browse/XNIO-423
>
> The problem is these `next` calls:
> https://github.com/xnio/xnio/blob/3.8.13.Final/api/src/main/java/org/xnio/AbstractIoFuture.java#L249
> https://fireboy-andwatergirl.io
> Release 3.8.14 (https://issues.redhat.com/projects/XNIO/versions/12423148)
> does not currently have an estimated release date.

The issue involves the XNIO NotifierState, which can lead to a Stack Overflow Exception when the chain of notifier states becomes excessively large. This happens because the system is unable to handle the large recursive chain, which in turn could result in uncontrolled resource management. As a consequence, this could lead to a Denial of Service (DoS) attack due to the overconsumption of system resources.
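
The failure mode discussed in this thread, as an added example that is not XNIO source code and not taken from any comment above: a linked chain of notifier nodes walked through recursive `next` calls uses one stack frame per link, while a loop over the same chain uses constant stack. The `Node` class, its method names and the chain length are hypothetical, and the iterative walk is shown as one common remedy for this bug class, not as the change made in XNIO-423.

```java
// Added illustration, not XNIO source: class and method names are hypothetical.
import java.util.concurrent.atomic.AtomicInteger;

public class NotifierChainDemo {
    /** One link in a singly linked chain of pending notifications. */
    static final class Node {
        final Runnable callback;
        final Node next;
        Node(Runnable callback, Node next) { this.callback = callback; this.next = next; }

        /** Recursive walk: one JVM stack frame per link, so depth grows with chain length. */
        void notifyRecursive() {
            callback.run();
            if (next != null) next.notifyRecursive();
        }

        /** Iterative walk: constant stack depth regardless of chain length. */
        void notifyIterative() {
            for (Node n = this; n != null; n = n.next) n.callback.run();
        }
    }

    /** Builds a chain of the given length by prepending nodes (no recursion involved). */
    static Node buildChain(int length, Runnable callback) {
        Node head = null;
        for (int i = 0; i < length; i++) head = new Node(callback, head);
        return head;
    }

    public static void main(String[] args) {
        int length = 1_000_000; // constructed size, chosen to exceed a typical default thread stack
        AtomicInteger calls = new AtomicInteger();
        Node chain = buildChain(length, calls::incrementAndGet);

        try {
            chain.notifyRecursive();
            System.out.println("recursive walk completed: " + calls.get() + " callbacks");
        } catch (StackOverflowError e) {
            // Callbacks after the overflow point never run: notifications are silently lost.
            System.out.println("recursive walk overflowed after " + calls.get() + " callbacks");
        }

        calls.set(0);
        chain.notifyIterative();
        System.out.println("iterative walk completed: " + calls.get() + " callbacks");
    }
}
```

When auditing similar code, look for any per-element method call that forwards to the next element of a structure whose length depends on external input or load.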