Hello there. We are working on the apache atlas code and started developing over https://github.com/apache/atlas/tree/release-2.1.0-rc3. Upon scanning using twistlock, we found 180+ vulnerabilities. PFA, the twistlock-image scanning results.
Out of these, Jackson-databind and netty_netty-all were the most occurring ones. So, we tried upgrading the versions, but integration tests in atlas-webapp module start failing saying "org.eclipse.jetty.utils: Multi exception". We have upgraded the version of jetty-server to 9.4.x but atlas server fails to start and throws 503: service unavailable error. The same thing is happening while upgrading versions of any other dependencies in atlas module. The application breaks for any other dependency which we are trying to upgrade. For example, Hadoop-hdfs uses Jackson-databind as transitive dependency, hence I am unable to update version. I do not see any open issue on the github channel too. Have you experienced any such scenario while upgrading earlier too? Is there a way for me to move ahead to remove vulnerabilities in the current versions. Regards, Gaurav Saini The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. Humana Inc. and its subsidiaries comply with applicable Federal civil rights laws and do not discriminate on the basis of race, color, national origin, ancestry, age, disability, sex, marital status, gender, sexual orientation, gender identity, or religion. Humana Inc. and its subsidiaries do not exclude people or treat them differently because of race, color, national origin, ancestry, age, disability, sex, marital status, gender, sexual orientation, gender identity, or religion. English: ATTENTION: If you do not speak English, language assistance services, free of charge, are available to you. Call 1‐877‐320‐1235 (TTY: 711). Español (Spanish): ATENCIÓN: Si habla español, tiene a su disposición servicios gratuitos de asistencia lingüística. Llame al 1‐877‐320‐1235 (TTY: 711). 繁體中文(Chinese):注意:如果您使用繁體中文,您可以免費獲得語言援助 服務。請致電 1‐877‐320‐1235 (TTY: 711)。 Kreyòl Ayisyen (Haitian Creole): ATANSION: Si w pale Kreyòl Ayisyen, gen sèvis èd pou lang ki disponib gratis pou ou. Rele 1‐877‐320‐1235 (TTY: 711). Polski (Polish): UWAGA: Jeżeli mówisz po polsku, możesz skorzystać z bezpłatnej pomocy językowej. Zadzwoń pod numer 1‐877‐320‐1235 (TTY: 711). 한국어 (Korean): 주의: 한국어를 사용하시는 경우, 언어 지원 서비스를 무료로 이용하실 수 있습니다. 1‐877‐320‐1235 (TTY: 711)번으로 전화해 주십시오.
