Posted to dev@kylin.apache.org by PJ Fanning <fa...@apache.org> on 2022/04/05 15:28:51 UTC

issues with jar dependencies that have publicly announced security issues

Hi everyone,
I raised https://issues.apache.org/jira/browse/KYLIN-5159 a while ago.
There are a lot of users, companies and government agencies looking at
ASF projects and looking to ensure that there are no security issues
in open source software.

Would it be possible to collaborate with Kylin contributors to upgrade
at least a few of the older dependencies?

I have one open PR: https://github.com/apache/kylin/pull/1814

That is just one of many that are needed. Dependabot is reporting a
lot of other issues too.

Regards,
PJ

Re: Re: issues with jar dependencies that have publicly announced security issues

Posted by PJ Fanning <fa...@apache.org>.
Hi everyone,
https://github.com/apache/kylin/pull/1850 is still open. Could someone have a look?

Regards,
PJ

On 2022/04/17 22:21:08 PJ Fanning wrote:
> Hi everyone,
> I added https://github.com/apache/kylin/pull/1850 as a follow-up. There are a lot of other libs that could be updated, but this is just a 2nd batch. Would someone be able to review it?
> 
> Regards,
> PJ
> 
> On 2022/04/06 09:28:07 Xiaoxiang Yu wrote:
> > Thanks for the contribution, your patch is merged!
> > 
> > --
> > 
> > Best wishes to you!
> > From: Xiaoxiang Yu
> > 
> > At 2022-04-05 23:28:51, "PJ Fanning" <fa...@apache.org> wrote:
> > >Hi everyone,
> > >I raised https://issues.apache.org/jira/browse/KYLIN-5159 a while ago.
> > >There are a lot of users, companies and government agencies looking at
> > >ASF projects and looking to ensure that there are no security issues
> > >in open source software.
> > >
> > >Would it be possible to collaborate with Kylin contributors to upgrade
> > >at least a few of the older dependencies?
> > >
> > >I have one open PR: https://github.com/apache/kylin/pull/1814
> > >
> > >That is just one of many that are needed. Dependabot is reporting a
> > >lot of other issues too.
> > >
> > >Regards,
> > >PJ
> > 
> 

Re: Re: issues with jar dependencies that have publicly announced security issues

Posted by PJ Fanning <fa...@apache.org>.
Hi everyone,
I added https://github.com/apache/kylin/pull/1850 as a follow-up. There are a lot of other libs that could be updated, but this is just a 2nd batch. Would someone be able to review it?

Regards,
PJ

On 2022/04/06 09:28:07 Xiaoxiang Yu wrote:
> Thanks for the contribution, your patch is merged!
> 
> --
> 
> Best wishes to you!
> From: Xiaoxiang Yu
> 
> At 2022-04-05 23:28:51, "PJ Fanning" <fa...@apache.org> wrote:
> >Hi everyone,
> >I raised https://issues.apache.org/jira/browse/KYLIN-5159 a while ago.
> >There are a lot of users, companies and government agencies looking at
> >ASF projects and looking to ensure that there are no security issues
> >in open source software.
> >
> >Would it be possible to collaborate with Kylin contributors to upgrade
> >at least a few of the older dependencies?
> >
> >I have one open PR: https://github.com/apache/kylin/pull/1814
> >
> >That is just one of many that are needed. Dependabot is reporting a
> >lot of other issues too.
> >
> >Regards,
> >PJ
> 

Re: issues with jar dependencies that have publicly announced security issues

Posted by Xiaoxiang Yu <xx...@apache.org>.
Thanks for the contribution, your patch is merged!

--

Best wishes to you!
From: Xiaoxiang Yu

At 2022-04-05 23:28:51, "PJ Fanning" <fa...@apache.org> wrote:
>Hi everyone,
>I raised https://issues.apache.org/jira/browse/KYLIN-5159 a while ago.
>There are a lot of users, companies and government agencies looking at
>ASF projects and looking to ensure that there are no security issues
>in open source software.
>
>Would it be possible to collaborate with Kylin contributors to upgrade
>at least a few of the older dependencies?
>
>I have one open PR: https://github.com/apache/kylin/pull/1814
>
>That is just one of many that are needed. Dependabot is reporting a
>lot of other issues too.
>
>Regards,
>PJ