[
https://issues.apache.org/jira/browse/CASSANDRA-16734?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brandon Williams updated CASSANDRA-16734:
-
Resolution: Invalid
Status: Resolved (was: Triage Needed)
Some of these have already been brought up and resolved as not being relevant,
for instance CASSANDRA-16463. In any case we aren't going to upgrade these in
blanket fashion, but on a case-by-case basis, so please file tickets for the
specific libraries with vulnerabilities that affect the project.
> Remediate Cassandra 3.11.10 JAR dependency vulnerabilities
> ---
>
> Key: CASSANDRA-16734
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16734
> Project: Cassandra
> Issue Type: Improvement
> Components: Dependencies
>Reporter: Daniel Gomez
>Priority: Normal
>
> Several JAR dependencies are flagged in Cassandra 3.11.10 as having
> vulnerabilities that have been fixed in newer releases.
> The following is the Cassandra 3.11.10 source tree for their JAR
> dependencies:
> [https://github.com/apache/cassandra/tree/181a4969290f1c756089b2993a638fe403bc1314/lib]
> A possible fix strategy is to simply update the JARs to their newest version.
> See the JAR files available for each vulnerable library:
> * SeeĀ
> [https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.9.10.8]
> * See [https://mvnrepository.com/artifact/io.netty/netty-all/4.1.65.Final]
> * See
> [https://mvnrepository.com/artifact/org.apache.thrift/libthrift/0.9.3-1]
> * See
> [https://mvnrepository.com/artifact/com.thinkaurelius.thrift/thrift-server/0.3.9]
> * See [https://mvnrepository.com/artifact/com.google.guava/guava/30.1.1-jre]
> * See [https://mvnrepository.com/artifact/ch.qos.logback/logback-core/1.2.3]
> * See [https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.29]
> * See [https://mvnrepository.com/artifact/commons-codec/commons-codec/1.15]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org