[jira] [Created] (RANGER-4701) remove dependency on jackson v1 (ranger-plugins-common)
PJ Fanning created RANGER-4701:
--

Summary: remove dependency on jackson v1 (ranger-plugins-common)
Key: RANGER-4701
URL: https://issues.apache.org/jira/browse/RANGER-4701
Project: Ranger
Issue Type: Task
Components: plugins
Reporter: PJ Fanning

https://mvnrepository.com/artifact/org.apache.ranger/ranger-plugins-common/2.4.0 depends on https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-jaxrs

`org.codehaus.jackson/jackson-jaxrs` is not supported any more and has very insecure dependencies. If you need JAX-RS support, you should be using Jackson v2.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-3783) upgrade gson due to security issue
PJ Fanning created RANGER-3783:
--

Summary: upgrade gson due to security issue
Key: RANGER-3783
URL: https://issues.apache.org/jira/browse/RANGER-3783
Project: Ranger
Issue Type: Improvement
Components: Ranger
Reporter: PJ Fanning

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25647

--
This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Commented] (RANGER-2782) Upgrade log4j dependency
[ https://issues.apache.org/jira/browse/RANGER-2782?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17476919#comment-17476919 ]

PJ Fanning commented on RANGER-2782:

Might be worth considering [https://github.com/qos-ch/reload4j] as a simpler change than log4j2 migration.

> Upgrade log4j dependency
>
> Key: RANGER-2782
> URL: https://issues.apache.org/jira/browse/RANGER-2782
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 2.0.0
> Reporter: Bolke de Bruin
> Assignee: Bolke de Bruin
> Priority: Blocker
> Attachments: 0001-RANGER-2782-Upgrade-log4j-to-a-supported-version.patch
>
> The current log4j version in ranger is end of life and contains critical security Vulnerabilities
> CVE-2019-17571

--
This message was sent by Atlassian Jira (v8.20.1#820001)