[ https://issues.apache.org/jira/browse/CASSANDRA-14183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16334425#comment-16334425 ]
ASF GitHub Bot commented on CASSANDRA-14183: -------------------------------------------- GitHub user tveronezi opened a pull request: https://github.com/apache/cassandra/pull/186 [CASSANDRA-14183] Fixes serialization vulnerability Fixes serialization vulnerability described here https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929 You can merge this pull request into a Git repository by running: $ git pull https://github.com/tveronezi/cassandra CVE-2017-5929 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/cassandra/pull/186.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #186 ---- commit abc891fdb25b5b0e395851427bb8514c9ab666cf Author: Thiago Veronezi <thiago@...> Date: 2018-01-22T15:40:55Z [CASSANDRA-14183] Fixes serialization vulnerability ---- > CVE-2017-5929 Security vulnerability > ------------------------------------ > > Key: CASSANDRA-14183 > URL: https://issues.apache.org/jira/browse/CASSANDRA-14183 > Project: Cassandra > Issue Type: Improvement > Components: Libraries > Reporter: Thiago Veronezi > Priority: Major > Fix For: 3.11.x > > > Cassandra 3.11.1 is patched with logback 1.1.3, which contains the security > vulnerability described here. > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929] -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org