pjpringle opened a new issue #7254: URL: https://github.com/apache/pinot/issues/7254
Several libraries in the tar.gz distro for 0.71 are flagged as having severe/critical vulnerabilities by Sonatype, notably the swagger jars and netty. These get flagged by enterprise scanning and make onboarding difficult.

Fix: upgrade the versions in pom.xml to later releases with fixes:

- https://nvd.nist.gov/vuln/detail/CVE-2019-17495
- https://nvd.nist.gov/vuln/detail/CVE-2021-21290

Would also be good to add scanning to the GitHub project to proactively pick these up.
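One way to add the proactive scanning the issue asks for, as an added example rather than anything from the Pinot project: a GitHub Actions workflow that runs the OWASP dependency-check Maven plugin over the multi-module build and fails on any finding with CVSS 7 or higher (the "severe/critical" band flagged above). The Java version, action versions and CVSS threshold are assumptions, not taken from the issue.

```yaml
# Added example, not part of the apache/pinot repository.
# Runs on every pull request and weekly, so newly published CVEs
# against already-pinned versions (e.g. netty, swagger jars) surface
# without waiting for a dependency change.
name: dependency-scan

on:
  pull_request:
  schedule:
    - cron: '0 3 * * 1'   # every Monday 03:00 UTC

jobs:
  owasp-dependency-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - uses: actions/setup-java@v3
        with:
          distribution: temurin
          java-version: '11'   # assumption: adjust to the project's build JDK

      # `aggregate` scans every module's resolved dependency tree in one pass,
      # which is what a multi-module Maven build like Pinot needs.
      # failBuildOnCVSS=7 makes the job red for HIGH/CRITICAL findings only;
      # lower it to surface MEDIUM issues as well.
      - name: Scan resolved dependencies against the NVD
        run: >
          mvn -B org.owasp:dependency-check-maven:aggregate
          -DfailBuildOnCVSS=7
          -Dformat=ALL

      # Keep the report even when the scan fails, so the CVE list
      # (and any false positives to suppress) can be reviewed from the run.
      - uses: actions/upload-artifact@v3
        if: always()
        with:
          name: dependency-check-report
          path: '**/target/dependency-check-report.*'
```

Recent plugin releases throttle NVD data downloads without an API key (`-DnvdApiKey`), so in practice the key is stored as a repository secret and passed on the command line. Known false positives are recorded in a suppression file (`-DsuppressionFile`) rather than by lowering the threshold.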
