[ https://issues.apache.org/jira/browse/CASSANDRA-16734?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Gomez updated CASSANDRA-16734: ------------------------------------- Fix Version/s: 3.11.x > Remediate Cassandra 3.11.10 JAR dependency vulnerabilities > ----------------------------------------------------------- > > Key: CASSANDRA-16734 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16734 > Project: Cassandra > Issue Type: Improvement > Components: Dependencies > Reporter: Daniel Gomez > Priority: Normal > Fix For: 3.11.x > > > Several JAR dependencies are flagged in Cassandra 3.11.10 as having > vulnerabilities that have been fixed in newer releases. > The following is the Cassandra 3.11.10 source tree for their JAR > dependencies: > [https://github.com/apache/cassandra/tree/181a4969290f1c756089b2993a638fe403bc1314/lib] > A possible fix strategy is to simply update the JARs to their newest version. > See the JAR files available for each vulnerable library: > * SeeĀ > [https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.9.10.8] > * See [https://mvnrepository.com/artifact/io.netty/netty-all/4.1.65.Final] > * See > [https://mvnrepository.com/artifact/org.apache.thrift/libthrift/0.9.3-1] > * See > [https://mvnrepository.com/artifact/com.thinkaurelius.thrift/thrift-server/0.3.9] > * See [https://mvnrepository.com/artifact/com.google.guava/guava/30.1.1-jre] > * See [https://mvnrepository.com/artifact/ch.qos.logback/logback-core/1.2.3] > * See [https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.29] > * See [https://mvnrepository.com/artifact/commons-codec/commons-codec/1.15] -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org