[
https://issues.apache.org/jira/browse/SUBMARINE-696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Liu Xun resolved SUBMARINE-696.
-------------------------------
Fix Version/s: 0.6.0
Resolution: Fixed
Issue resolved by pull request 552
[https://github.com/apache/submarine/pull/552]
> Vulnerability upgrade recommended
> ---------------------------------
>
> Key: SUBMARINE-696
> URL: https://issues.apache.org/jira/browse/SUBMARINE-696
> Project: Apache Submarine
> Issue Type: Improvement
> Reporter: Lisa Chang
> Assignee: Lisa Chang
> Priority: Trivial
> Labels: pull-request-available
> Fix For: 0.6.0
>
>
> codehaus-jackson version:
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L120]
> [CVE-2017-15095|https://github.com/advisories/GHSA-h592-38cm-4ggp]
> [CVE-2018-7489|https://github.com/advisories/GHSA-cggj-fvv3-cqwv]
> [CVE-2019-14540|https://github.com/advisories/GHSA-h822-r4r5-v8jg]
> [CVE-2019-16335|https://github.com/advisories/GHSA-85cw-hj65-qqv9]
> [CVE-2019-17267|https://github.com/advisories/GHSA-f3j5-rmmp-3fc5]
> [CVE-2019-14893|https://github.com/advisories/GHSA-qmqc-x3r4-6v39]
> [CVE-2018-5968|https://github.com/advisories/GHSA-w3f4-3q6j-rh82]
> [CVE-2019-10172|https://github.com/advisories/GHSA-r6j9-8759-g62w]
> [CVE-2018-1000873|https://github.com/advisories/GHSA-h4x4-5qp2-wp46]
> Recommended upgrade version:2.6.7.4
> ---------------------------------------------------------------------------------------------------------
> solr version:
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/submarine-security/spark-security/pom.xml#L53]
> [CVE-2019-0192|https://github.com/advisories/GHSA-xhcq-fv7x-grr2]
> [CVE-2017-3164|https://github.com/advisories/GHSA-vrh8-27q8-fr8f]
> [CVE-2019-0193|https://github.com/advisories/GHSA-3gm7-v7vw-866c]
> [CVE-2019-17558|https://github.com/advisories/GHSA-ww97-9w65-2crx]
> CVE-2020-13941
> Recommended upgrade version:
> 8.4.1.7.1.3.3-3
> ---------------------------------------------------------------------------------------------------------
> spark version:
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/submarine-security/spark-security/pom.xml#L54]
> CVE-2020-9480
> Recommended upgrade version:
> 2.4.0.7.1.1.2007-6
> ---------------------------------------------------------------------------------------------------------
> jetty version:
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L72]
> [CVE-2020-27216|https://github.com/advisories/GHSA-g3wg-6mcf-8jj6]
> Recommended upgrade version:
> 9.4.35.v20201120
> ---------------------------------------------------------------------------------------------------------
> mysql-connector-java version:
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L85]
> CVE-2017-3523 CVE-2018-3258 CVE-2017-3586
> Recommended upgrade version:
> 8.0.20
> ---------------------------------------------------------------------------------------------------------
> snakeyaml version
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L100]
> CVE-2017-18640
> Recommended upgrade version:
> 1.26
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
