[jira] [Created] (RATIS-2324) Upgrade the thrid party dependencies to fix CVE alarts

Haonan Hou (Jira) Mon, 08 Sep 2025 19:30:08 -0700

Haonan Hou created RATIS-2324:
---------------------------------

             Summary: Upgrade the thrid party dependencies to fix CVE alarts
                 Key: RATIS-2324
                 URL: https://issues.apache.org/jira/browse/RATIS-2324
             Project: Ratis
          Issue Type: Improvement
          Components: thirdparty
    Affects Versions: thirdparty-1.0.9
            Reporter: Haonan Hou
         Attachments: image-2025-09-09-10-27-10-829.png, 
image-2025-09-09-10-27-39-985.png, image-2025-09-09-10-28-01-609.png


The dependency-check-report of IoTDB shows there are some vulnerable 
dependencies from ratis thirdparty 1.0.9. 

!image-2025-09-09-10-27-10-829.png|width=639,height=202!

!image-2025-09-09-10-27-39-985.png|width=295,height=298!

!image-2025-09-09-10-28-01-609.png|width=296,height=164!

Consider upgrading netty and gson to fix them? 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RATIS-2324) Upgrade the thrid party dependencies to fix CVE alarts

Reply via email to