[
https://issues.apache.org/jira/browse/IGNITE-8471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16472339#comment-16472339
]
ASF GitHub Bot commented on IGNITE-8471:
----------------------------------------
GitHub user agura opened a pull request:
https://github.com/apache/ignite/pull/3984
IGNITE-8471 Dependencies upgraded
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/agura/incubator-ignite ignite-8471
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/ignite/pull/3984.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #3984
----
commit 50c69ace2834a2ed6cbb4d828ee75a0dc157e208
Author: Andrey Gura <agura@...>
Date: 2018-05-11T17:41:30Z
IGNITE-8471 Dependencies upgraded
----
> Apache ignite for .NET has security vulnerabilities
> ---------------------------------------------------
>
> Key: IGNITE-8471
> URL: https://issues.apache.org/jira/browse/IGNITE-8471
> Project: Ignite
> Issue Type: Bug
> Components: security
> Affects Versions: 2.4
> Reporter: Harendra Rai
> Assignee: Andrey Gura
> Priority: Major
> Fix For: 2.5
>
>
> There are two security vulnerabilities in the latest 2.4.0 version.
> # commons-beanutils-1.8.3.jar. Here is the vulnerability id CVE-2014-0114 :
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114]
> *Resolution to this issue is*: All Commons BeanUtils users should upgrade to
> the latest version >= commons-beanutils-1.9.2
> # commons-codec-1.6.jar: Here is the vulnerability detail
> https://issues.apache.org/jira/browse/CODEC-96
> *Resolution* *to this issue is:* To upgrade to the latest available Version
> 1.11
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
