Mention CVE-2022-45047 fixed

apache · Nov 16, 2022 · 03238d5 · 03238d5
1 parent 01d91a6
commit 03238d5
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/docs/changes/2.9.2.md b/docs/changes/2.9.2.md
@@ -2,6 +2,9 @@
 
 ## Bug fixes
 
+* [CVE-2022-45047](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45047) Unsafe deserialization in `org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider`
+
+
 * [SSHD-1173](https://issues.apache.org/jira/browse/SSHD-1173) Not fully using up a channel window may lead to hangs (see [Channel windows](#channelwindows0) below)
 * [SSHD-1287](https://issues.apache.org/jira/browse/SSHD-1287) SFTP: reading with buffers larger than 126kB leads to data corruption
 * [SSHD-1293](https://issues.apache.org/jira/browse/SSHD-1293) ExplicitPortForwardingTracker does not unbind auto-allocated port
@@ -11,6 +14,7 @@
 * [SSHD-1303](https://issues.apache.org/jira/browse/SSHD-1303) Reading from redirected Channel.getInvertedErr() delivers stdout; should be at EOF
 * [SSHD-1307](https://issues.apache.org/jira/browse/SSHD-1307) [NIO2] TCP/IP port forwarding: shut down output stream only after pending writes have been written
 
+
 * [GH-263](https://github.com/apache/mina-sshd/issues/263)  Race condition in BufferedIoOutputStream
 * [GH-266](https://github.com/apache/mina-sshd/issues/266)  ChannelPipedOutputStream.flush() must be a no-op