[ https://issues.apache.org/jira/browse/CASSANDRA-15829?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mark Denihan reassigned CASSANDRA-15829: ---------------------------------------- Assignee: (was: Mark Denihan) [~ivodujmovic] I don't have any spare cycles at the moment to see if Cassandra could be exploited by CVE-2017-5929 based on how Logback is used. I'd recommend treating it as if it is legit and updating logback > Upgrade to logback 1.2.3 to address CVE-2017-5929 > ------------------------------------------------- > > Key: CASSANDRA-15829 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15829 > Project: Cassandra > Issue Type: Bug > Components: Dependencies > Reporter: Kevin Eveker > Priority: High > Fix For: 2.2.x, 3.0.x, 3.11.x > > > Recent scan results identified the following CVE that requires this upgrade > to address > [https://nvd.nist.gov/vuln/detail/CVE-2017-5929] -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org