[ https://issues.apache.org/jira/browse/CASSANDRA-19484?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17829629#comment-17829629 ]

Ariel Weisberg edited comment on CASSANDRA-19484 at 3/21/24 5:43 PM:
---------------------------------------------------------------------

*edit* Removed a bunch of incorrectly generated dependencies with CVEs to shorten the comment thread.

was (Author: aweisberg):

3.0
{noformat}
cassandra-client-4.0.35.jar/META-INF/maven/com.apple.pie.cassandra/pie-cassandra-driver-core/pom.xml: CVE-2010-0538
cassandra-client-4.0.35.jar/META-INF/maven/com.apple.pie.cassandra/pie-cassandra-driver-mapping/pom.xml: CVE-2010-0538
jackson-databind-2.13.2.2.jar: CVE-2023-35116, CVE-2022-42003, CVE-2022-42004
snappy-java-1.1.8.4.jar: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453, CVE-2023-43642
{noformat}

3.11
{noformat}
cassandra-client-4.0.35.jar/META-INF/maven/com.apple.pie.cassandra/pie-cassandra-driver-core/pom.xml: CVE-2010-0538
cassandra-client-4.0.35.jar/META-INF/maven/com.apple.pie.cassandra/pie-cassandra-driver-mapping/pom.xml: CVE-2010-0538
jackson-mapper-asl-1.9.2.jar: CVE-2017-7525, CVE-2019-10172
snakeyaml-1.11.jar: CVE-2017-18640
snappy-java-1.1.8.4.jar: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453, CVE-2023-43642
{noformat}

4.0
{noformat}
cassandra-client-4.0.35.jar/META-INF/maven/com.apple.pie.cassandra/pie-cassandra-driver-core/pom.xml: CVE-2010-0538
cassandra-client-4.0.35.jar/META-INF/maven/com.apple.pie.cassandra/pie-cassandra-driver-mapping/pom.xml: CVE-2010-0538
guava-18.0.jar: CVE-2018-10237
jackson-mapper-asl-1.9.2.jar: CVE-2017-7525, CVE-2019-10172
libthrift-0.9.2.jar: CVE-2016-5397, CVE-2018-1320, CVE-2015-3254, CVE-2018-11798, CVE-2019-0205
netty-all-4.0.44.Final.jar: CVE-2019-16869, CVE-2019-20445, CVE-2019-20444, CVE-2020-7238
snakeyaml-1.11.jar: CVE-2017-18640
snappy-java-1.1.8.4.jar: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453, CVE-2023-43642
thrift-server-0.3.7.jar: CVE-2016-5397, CVE-2015-3254, CVE-2019-0205
{noformat}

4.1
{noformat}
cassandra-client-4.0.35.jar/META-INF/maven/com.apple.pie.cassandra/pie-cassandra-driver-core/pom.xml: CVE-2010-0538
cassandra-client-4.0.35.jar/META-INF/maven/com.apple.pie.cassandra/pie-cassandra-driver-mapping/pom.xml: CVE-2010-0538
guava-18.0.jar: CVE-2018-10237
jackson-mapper-asl-1.9.2.jar: CVE-2017-7525, CVE-2019-10172
libthrift-0.9.2.jar: CVE-2016-5397, CVE-2018-1320, CVE-2015-3254, CVE-2018-11798, CVE-2019-0205
netty-all-4.0.44.Final.jar: CVE-2019-16869, CVE-2019-20445, CVE-2019-20444, CVE-2020-7238
snakeyaml-1.11.jar: CVE-2017-18640
snappy-java-1.1.8.4.jar: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453, CVE-2023-43642
thrift-server-0.3.7.jar: CVE-2016-5397, CVE-2015-3254, CVE-2019-0205
{noformat}

5.0
{noformat}
guava-18.0.jar: CVE-2020-8908, CVE-2018-10237, CVE-2023-2976
guava-27.0-jre.jar: CVE-2020-8908, CVE-2023-2976
jackson-mapper-asl-1.9.2.jar: CVE-2017-7525, CVE-2019-10172
libthrift-0.9.2.jar: CVE-2016-5397, CVE-2018-1320, CVE-2015-3254, CVE-2018-11798, CVE-2019-0205
netty-all-4.0.44.Final.jar: CVE-2021-43797, CVE-2019-16869, CVE-2021-37136, CVE-2021-37137, CVE-2019-20445, CVE-2019-20444, CVE-2021-21295, CVE-2023-34462, CVE-2021-21290, CVE-2022-24823, CVE-2022-41881, CVE-2021-21409, CVE-2020-7238
netty-all-4.1.58.Final.jar: CVE-2021-43797, CVE-2021-37136, CVE-2021-37137, CVE-2022-24823, CVE-2022-41881, CVE-2021-21295, CVE-2021-21409, CVE-2023-34462, CVE-2021-21290
snakeyaml-1.11.jar: CVE-2017-18640
snappy-java-1.1.8.4.jar: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453, CVE-2023-43642
thrift-server-0.3.7.jar: CVE-2016-5397, CVE-2015-3254, CVE-2019-0205
{noformat}

trunk
{noformat}
cassandra-client-4.0.35.jar/META-INF/maven/com.apple.pie.cassandra/pie-cassandra-driver-core/pom.xml: CVE-2010-0538
cassandra-client-4.0.35.jar/META-INF/maven/com.apple.pie.cassandra/pie-cassandra-driver-mapping/pom.xml: CVE-2010-0538
guava-18.0.jar: CVE-2020-8908, CVE-2018-10237, CVE-2023-2976
guava-27.0-jre.jar: CVE-2020-8908, CVE-2023-2976
jackson-databind-2.13.2.2.jar: CVE-2022-42003, CVE-2022-42004
jackson-mapper-asl-1.9.2.jar: CVE-2017-7525, CVE-2019-10172
libthrift-0.9.2.jar: CVE-2016-5397, CVE-2018-1320, CVE-2015-3254, CVE-2018-11798, CVE-2019-0205
netty-all-4.0.44.Final.jar: CVE-2021-43797, CVE-2019-16869, CVE-2021-37136, CVE-2021-37137, CVE-2019-20445, CVE-2019-20444, CVE-2021-21295, CVE-2023-34462, CVE-2021-21290, CVE-2022-24823, CVE-2022-41881, CVE-2021-21409, CVE-2020-7238
netty-all-4.1.58.Final.jar: CVE-2021-43797, CVE-2021-37136, CVE-2021-37137, CVE-2022-24823, CVE-2022-41881, CVE-2021-21295, CVE-2021-21409, CVE-2023-34462, CVE-2021-21290
snakeyaml-1.11.jar: CVE-2017-18640, CVE-2022-38752, CVE-2022-38751, CVE-2022-38750, CVE-2022-41854, CVE-2022-25857, CVE-2022-38749, CVE-2022-1471
snakeyaml-1.26.jar: CVE-2022-38752, CVE-2022-38751, CVE-2022-38750, CVE-2022-41854, CVE-2022-25857, CVE-2022-38749, CVE-2022-1471
snappy-java-1.1.8.4.jar: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453, CVE-2023-43642
thrift-server-0.3.7.jar: CVE-2016-5397, CVE-2015-3254, CVE-2019-0205
{noformat}

> Add support for providing nvdDatafeedUrl to OWASP
> -------------------------------------------------
>
>                 Key: CASSANDRA-19484
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-19484
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Build
>            Reporter: Ariel Weisberg
>            Assignee: Ariel Weisberg
>            Priority: Normal
>             Fix For: 3.0.x, 3.11.x, 4.0.x, 4.1.x, 5.0.x, 5.x
>
>
> This allows you to point to a mirror that is faster and doesn’t require an
> API key.
> This is kind of painful to make work in {{ant}} because you can't specify the
> property at all if you want to use the API and I couldn't find a way to get
> {{ant}} to conditionally supply the property without having a dedicated
> invocation of the {{dependency-check}} task with/without the parameter
> {{nvdDataFeedUrl}} specified.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)