[ https://issues.apache.org/jira/browse/CASSANDRA-13501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17791957#comment-17791957 ]
Kapil Shewate commented on CASSANDRA-13501:
-------------------------------------------

Cassandra 4.0.11 and 4.1.3 contain logback version 1.2.9; these are vulnerable to the following CVE. Please upgrade to the latest version of these jars.

CVE : CVE-2021-42550 (BDSA-2021-3818)
CVE Score : 6.6
apache-cassandra/lib/logback-classic-1.2.9.jar
apache-cassandra/lib/logback-core-1.2.9.jar

> Upgrade some dependencies.
> --------------------------
>
> Key: CASSANDRA-13501
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13501
> Project: Cassandra
> Issue Type: Improvement
> Components: Dependencies
> Reporter: vincent royer
> Priority: Low
> Fix For: 3.0.x, 3.11.x, 5.x
>
>
> Upgrade some java libraries to be able to run elasticsearch as a cassandra
> plugin (an elasticsearch jar dropped in lib), see CASSANDRA-13270.

--
This message was sent by Atlassian Jira (v8.20.10#820010)