Matt Darwin created AVRO-2218:
---------------------------------
Summary: upgrade libraries to work around security issues
Key: AVRO-2218
URL: https://issues.apache.org/jira/browse/AVRO-2218
Project: Avro
Issue Type: Improvement
Components: java
Affects Versions: 1.8.2
Reporter: Matt Darwin
Avro has some very old dependencies, which potentially expose users to security
vulnerabilities.
||Library||Current version||dated||latest version||dated||
|Jackson|1.9.13|Jul '13|2.9.6|Jun '18|
|paranamer|2.7|Aug '14|2.8|Aug '15|
|snappy|1.1.1.3|Jul '14|1.1.7.2|May '18|
|commons-compress|1.8.1|May '14|1.17|May '18|
|Tukaani XZ|1.5|Mar '14|1.8|Jan '18|
Large corporations have strict rules about the use of third-party libraries.
For example, at Oracle we are not allowed to use any third-party code which has
any dependencies older than 18 months or 5 versions.
Please upgrade these dependencies to the latest versions.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
