[
https://issues.apache.org/jira/browse/CASSANDRA-13501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17791957#comment-17791957
]
Kapil Shewate commented on CASSANDRA-13501:
-------------------------------------------
Cassandra 4.0.11 and 4.1.3 contains the logback version 1.2.9 , these are
vulnerable to following CVE, please upgrade to the latest version of these jars.
CVE : CVE-2021-42550 (BDSA-2021-3818)
CVE Score : 6.6
apache-cassandra/lib/logback-classic-1.2.9.jar
apache-cassandra/lib/logback-core-1.2.9.jar
> Upgrade some dependencies.
> --------------------------
>
> Key: CASSANDRA-13501
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13501
> Project: Cassandra
> Issue Type: Improvement
> Components: Dependencies
> Reporter: vincent royer
> Priority: Low
> Fix For: 3.0.x, 3.11.x, 5.x
>
>
> Upgrade some java libraries to be able to run elasticsearch as a cassandra
> plugin (an elasticsearch jar dropped in lib), see CASSANDRA-13270.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
