Depended hiredis v0.12 has security risk, whether newer versions without security risks can be supported? #1202
Replies: 2 comments 3 replies
-
|
hiredis is merely a (optional) dependency for mod_auth_openidc; it is up to the OS distribution to patch it or upgrade it |
Beta Was this translation helpful? Give feedback.
-
|
I tried install mod_auth_openidc on amzn2 or amzn2023, they all need hiredis. I think redis is use for store session, since we are use client-cookie. it there any way to install mod_auth_openidc without hiredis? |
Beta Was this translation helpful? Give feedback.
-
|
there's no pre-bulit package for that, you'd have to build the binaries from source yourself |
Beta Was this translation helpful? Give feedback.
-
|
you mean rpm for amzn? I can build rpm for amzn or install by source code directly, but when I try to install mod_auth_openidc, it says need hiredis 0.12. but hiredis 0.12 has security risk issue, In our company, we are now allowed install package which has security risk issue. |
Beta Was this translation helpful? Give feedback.
-
|
I rebuild the rpm package, and it works. |
Beta Was this translation helpful? Give feedback.
-
from blackduck , we know hiredis 0.12 has security risk. but now the lastest mod_auth_openidc only support hiredis 0.12
Beta Was this translation helpful? Give feedback.
All reactions