[jira] [Commented] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6

Fri, 24 Sep 2021 07:54:05 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-15856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17419825#comment-17419825
 ] 

Stefan Miklosovic commented on CASSANDRA-15856:
-----------------------------------------------

CVE-2018-1320 is addressed here 
https://issues.apache.org/jira/browse/CASSANDRA-15424

> Security vulnerabilities with dependency jars  of Cassandra 3.11.6
> ------------------------------------------------------------------
>
>                 Key: CASSANDRA-15856
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15856
>             Project: Cassandra
>          Issue Type: Task
>            Reporter: Kshitiz Saxena
>            Priority: Normal
>             Fix For: 3.11.x
>
>
> The latest release of Cassandra 3.11.6 has few dependency jars which have 
> some security vulnerabilities.
>  
> Apache Thrift (org.apache.thrift:libthrift:0.9.2) has below mentioned 
> security vulnerabilities reported
> |+[https://nvd.nist.gov/vuln/detail/CVE-2016-5397]+|
> |+[https://nvd.nist.gov/vuln/detail/CVE-2018-1320]+|
> |+[https://nvd.nist.gov/vuln/detail/CVE-2019-0205]+|
>  
> Netty Project (io.netty:netty-all:4.0.44.Final) has below mentioned security 
> vulnerabilities reported
> |+[https://nvd.nist.gov/vuln/detail/CVE-2019-16869]+|
> |+[https://nvd.nist.gov/vuln/detail/CVE-2019-20444]+|
> |+[https://nvd.nist.gov/vuln/detail/CVE-2019-20445]+|
>  
> Is there a plan to upgrade these jars in any upcoming release?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to