[ https://issues.apache.org/jira/browse/CASSANDRA-15856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17419825#comment-17419825 ]
Stefan Miklosovic commented on CASSANDRA-15856: ----------------------------------------------- CVE-2018-1320 is addressed here https://issues.apache.org/jira/browse/CASSANDRA-15424 > Security vulnerabilities with dependency jars of Cassandra 3.11.6 > ------------------------------------------------------------------ > > Key: CASSANDRA-15856 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15856 > Project: Cassandra > Issue Type: Task > Reporter: Kshitiz Saxena > Priority: Normal > Fix For: 3.11.x > > > The latest release of Cassandra 3.11.6 has few dependency jars which have > some security vulnerabilities. > > Apache Thrift (org.apache.thrift:libthrift:0.9.2) has below mentioned > security vulnerabilities reported > |+[https://nvd.nist.gov/vuln/detail/CVE-2016-5397]+| > |+[https://nvd.nist.gov/vuln/detail/CVE-2018-1320]+| > |+[https://nvd.nist.gov/vuln/detail/CVE-2019-0205]+| > > Netty Project (io.netty:netty-all:4.0.44.Final) has below mentioned security > vulnerabilities reported > |+[https://nvd.nist.gov/vuln/detail/CVE-2019-16869]+| > |+[https://nvd.nist.gov/vuln/detail/CVE-2019-20444]+| > |+[https://nvd.nist.gov/vuln/detail/CVE-2019-20445]+| > > Is there a plan to upgrade these jars in any upcoming release? -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org