[jira] [Updated] (ARROW-1240) security: upgrade logback to address CVE-2017-5929
[ https://issues.apache.org/jira/browse/ARROW-1240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Wes McKinney updated ARROW-1240: Fix Version/s: (was: 0.5.0) 0.6.0 > security: upgrade logback to address CVE-2017-5929 > -- > > Key: ARROW-1240 > URL: https://issues.apache.org/jira/browse/ARROW-1240 > Project: Apache Arrow > Issue Type: Bug > Components: Java - Memory, Java - Vectors >Affects Versions: 0.4.1 >Reporter: Matt Darwin >Assignee: Matt Darwin > Fix For: 0.6.0 > > > logback versions before 1.2.0 are affected by "a rather severe serialization > vulnerability in SocketServer and ServerSocketReceiver". > We should upgrade logback from 1.0.13 to the latest version (currently 1.2.3) > in order to address this. > See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929 > and > https://logback.qos.ch/news.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (ARROW-1240) security: upgrade logback to address CVE-2017-5929
[ https://issues.apache.org/jira/browse/ARROW-1240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Matt Darwin updated ARROW-1240: --- Component/s: Java - Vectors > security: upgrade logback to address CVE-2017-5929 > -- > > Key: ARROW-1240 > URL: https://issues.apache.org/jira/browse/ARROW-1240 > Project: Apache Arrow > Issue Type: Bug > Components: Java - Memory, Java - Vectors >Affects Versions: 0.4.1 >Reporter: Matt Darwin > Fix For: 0.5.0 > > > logback versions before 1.2.0 are affected by "a rather severe serialization > vulnerability in SocketServer and ServerSocketReceiver". > We should upgrade logback from 1.0.13 to the latest version (currently 1.2.3) > in order to address this. > See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929 > and > https://logback.qos.ch/news.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (ARROW-1240) security: upgrade logback to address CVE-2017-5929
[ https://issues.apache.org/jira/browse/ARROW-1240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Uwe L. Korn updated ARROW-1240: --- Fix Version/s: 0.5.0 > security: upgrade logback to address CVE-2017-5929 > -- > > Key: ARROW-1240 > URL: https://issues.apache.org/jira/browse/ARROW-1240 > Project: Apache Arrow > Issue Type: Bug > Components: Java - Memory >Affects Versions: 0.4.1 >Reporter: Matt Darwin > Fix For: 0.5.0 > > > logback versions before 1.2.0 are affected by "a rather severe serialization > vulnerability in SocketServer and ServerSocketReceiver". > We should upgrade logback from 1.0.13 to the latest version (currently 1.2.3) > in order to address this. > See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929 > and > https://logback.qos.ch/news.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)
