jitsi icon indicating copy to clipboard operation
jitsi copied to clipboard
verified publisher icon jitsi

CVE fixes?

Open Neustradamus opened this issue 4 years ago • 4 comments

It is possible to secure Jitsi?

CVEs:

  • Bouncy Castle CVEs: https://github.com/jitsi/jitsi/issues/562 + https://github.com/jitsi/jitsi/pull/564 + https://github.com/jitsi/jitsi/pull/741
  • slf4j CVE: https://github.com/jitsi/jitsi/pull/667
  • log4j CVEs: https://github.com/jitsi/jitsi/issues/754 + https://github.com/jitsi/jitsi/issues/753
  • ...

cc: @TechByTom, @mpexo, @jvkassi, @mjmeijerman.

Neustradamus avatar Aug 30 '21 21:08 Neustradamus

  • Bouncy Castle CVEs: https://github.com/jitsi/jitsi/issues/562 + https://github.com/jitsi/jitsi/pull/564 + https://github.com/jitsi/jitsi/pull/741
  • slf4j CVE: https://github.com/jitsi/jitsi/pull/667
  • log4j CVEs: https://github.com/jitsi/jitsi/issues/754 + https://github.com/jitsi/jitsi/issues/753
  • ...

cc: @TechByTom, @mpexo, @jvkassi, @mjmeijerman.

Neustradamus avatar Dec 26 '21 01:12 Neustradamus

@JonathanLennox, @sawall, @nils-ohlmeier: After a long time, there are changes for security etc.! All are not up-to-date, but better, thanks!

jitsi

  • https://github.com/jitsi/jitsi
  • https://github.com/jitsi/jitsi/blob/master/pom.xml
  • https://github.com/jitsi/jitsi/pull/803
  • https://github.com/jitsi/jitsi/issues/745
  • https://github.com/jitsi/jitsi/pull/741
  • https://github.com/jitsi/jitsi/pull/564
  • https://github.com/jitsi/jitsi/issues/562
  • https://github.com/jitsi/jitsi/pull/43

libjitsi

  • https://github.com/jitsi/libjitsi
  • https://github.com/jitsi/libjitsi/blob/master/pom.xml
  • https://github.com/jitsi/libjitsi/pull/568
  • https://github.com/jitsi/libjitsi/pull/567
  • https://github.com/jitsi/libjitsi/pull/550
  • https://github.com/jitsi/libjitsi/pull/528
  • https://github.com/jitsi/libjitsi/pull/522
  • https://github.com/jitsi/libjitsi/issues/444
  • https://github.com/jitsi/libjitsi/issues/441
  • https://github.com/jitsi/libjitsi/pull/128
  • https://github.com/jitsi/libjitsi/pull/72

jibri

  • https://github.com/jitsi/jibri
  • https://github.com/jitsi/jibri/blob/master/pom.xml
  • https://github.com/jitsi/jibri/pull/514

zrtp4j

  • https://github.com/jitsi/zrtp4j
  • https://github.com/jitsi/zrtp4j/blob/master/pom.xml
  • https://github.com/jitsi/zrtp4j/pull/3

jitsi-videobridge

  • https://github.com/jitsi/jitsi-videobridge
  • https://github.com/jitsi/jitsi-videobridge/blob/master/pom.xml
  • https://github.com/jitsi/jitsi-videobridge/blob/master/jitsi-media-transform/pom.xml
  • https://github.com/jitsi/jitsi-videobridge/pull/2036
  • https://github.com/jitsi/jitsi-videobridge/pull/1983
  • https://github.com/jitsi/jitsi-videobridge/pull/1884
  • https://github.com/jitsi/jitsi-videobridge/issues/1881
  • https://github.com/jitsi/jitsi-videobridge/pull/806
  • https://github.com/jitsi/jitsi-videobridge/pull/123

moderated-meetings

  • https://github.com/jitsi/moderated-meetings
  • https://github.com/jitsi/moderated-meetings/blob/master/pom.xml
  • https://github.com/jitsi/moderated-meetings/pull/13
  • https://github.com/jitsi/moderated-meetings/pull/7

jigasi

  • https://github.com/jitsi/jigasi
  • https://github.com/jitsi/jigasi/blob/master/pom.xml
  • https://github.com/jitsi/jigasi/pull/376
  • https://github.com/jitsi/jigasi/pull/259

jitsi-srtp

  • https://github.com/jitsi/jitsi-srtp
  • https://github.com/jitsi/jitsi-srtp/blob/master/pom.xml
  • https://github.com/jitsi/jitsi-srtp/pull/47
  • https://github.com/jitsi/jitsi-srtp/pull/46
  • https://github.com/jitsi/jitsi-srtp/pull/33
  • https://github.com/jitsi/jitsi-srtp/pull/19

otr4j

  • https://github.com/jitsi/otr4j
  • https://github.com/jitsi/otr4j/blob/master/pom.xml
  • https://github.com/jitsi/otr4j/pull/10
  • https://github.com/jitsi/otr4j/pull/5

OLD:

jitsi-media-transform (Integrated in jitsi-videobridge)

  • https://github.com/jitsi/jitsi-media-transform
  • https://github.com/jitsi/jitsi-media-transform/blob/master/pom.xml
  • https://github.com/jitsi/jitsi-media-transform/pull/413
  • https://github.com/jitsi/jitsi-media-transform/pull/412
  • https://github.com/jitsi/jitsi-media-transform/pull/346
  • https://github.com/jitsi/jitsi-media-transform/pull/253
  • https://github.com/jitsi/jitsi-media-transform/pull/43
  • https://github.com/jitsi/jitsi-media-transform/pull/3

jitsi-hammer

  • https://github.com/jitsi/jitsi-hammer
  • https://github.com/jitsi/jitsi-hammer/blob/master/pom.xml
  • https://github.com/jitsi/jitsi-hammer/issues/36
  • https://github.com/jitsi/jitsi-hammer/pull/1

bccontrib

  • https://github.com/jitsi/bccontrib
  • https://github.com/jitsi/bccontrib/blob/master/pom.xml
  • https://github.com/jitsi/bccontrib/pull/3

jitsi-universe-public

  • https://github.com/jitsi/jitsi-universe-public
  • https://github.com/jitsi/jitsi-universe-public/blob/master/pom.xml
  • https://github.com/jitsi/jitsi-universe-public/pull/2
  • https://github.com/jitsi/jitsi-universe-public/issues/1

Neustradamus avatar Jul 19 '23 23:07 Neustradamus

Currently not up-to-date:

  • https://github.com/jitsi/moderated-meetings/issues/33
  • https://github.com/jitsi/otr4j/issues/11
  • https://github.com/jitsi/zrtp4j/issues/7

Neustradamus avatar Jul 20 '23 00:07 Neustradamus

Bouncy Castle has a new release: 1.76:

  • https://bouncycastle.org/latest_releases.html
  • https://bouncycastle.org/releasenotes.html#r1rv76

cc: @JonathanLennox, @sawall, @nils-ohlmeier

Neustradamus avatar Aug 02 '23 17:08 Neustradamus