You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@submarine.apache.org by "Zhankun Tang (Jira)" <ji...@apache.org> on 2020/12/22 02:13:00 UTC
[jira] [Commented] (SUBMARINE-696) Vulnerability upgrade
recommended
[ https://issues.apache.org/jira/browse/SUBMARINE-696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17253212#comment-17253212 ]
Zhankun Tang commented on SUBMARINE-696:
----------------------------------------
Thanks for pointing out this. [~aeioulisa]! Feel free to raise a JIRA to upgrade them. Thanks!
> Vulnerability upgrade recommended
> ---------------------------------
>
> Key: SUBMARINE-696
> URL: https://issues.apache.org/jira/browse/SUBMARINE-696
> Project: Apache Submarine
> Issue Type: Improvement
> Reporter: Lisa Chang
> Priority: Trivial
>
> codehaus-jackson version:
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L120]
> [CVE-2017-15095|https://github.com/advisories/GHSA-h592-38cm-4ggp] [CVE-2018-7489|https://github.com/advisories/GHSA-cggj-fvv3-cqwv] [CVE-2019-14540|https://github.com/advisories/GHSA-h822-r4r5-v8jg] [CVE-2019-16335|https://github.com/advisories/GHSA-85cw-hj65-qqv9] [CVE-2019-17267|https://github.com/advisories/GHSA-f3j5-rmmp-3fc5] [CVE-2019-14893|https://github.com/advisories/GHSA-qmqc-x3r4-6v39] [CVE-2018-5968|https://github.com/advisories/GHSA-w3f4-3q6j-rh82] [CVE-2019-10172|https://github.com/advisories/GHSA-r6j9-8759-g62w] [CVE-2018-1000873|https://github.com/advisories/GHSA-h4x4-5qp2-wp46]
> Recommended upgrade version:2.6.7.4
> ---------------------------------------------------------------------------------------------------------
> solr version:
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/submarine-security/spark-security/pom.xml#L53]
> [CVE-2019-0192|https://github.com/advisories/GHSA-xhcq-fv7x-grr2] [CVE-2017-3164|https://github.com/advisories/GHSA-vrh8-27q8-fr8f] [CVE-2019-0193|https://github.com/advisories/GHSA-3gm7-v7vw-866c] [CVE-2019-17558|https://github.com/advisories/GHSA-ww97-9w65-2crx] CVE-2020-13941
> Recommended upgrade version:
> 8.4.1.7.1.3.3-3
> ---------------------------------------------------------------------------------------------------------
> spark version:
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/submarine-security/spark-security/pom.xml#L54]
> CVE-2020-9480
> Recommended upgrade version:
> 2.4.0.7.1.1.2007-6
> ---------------------------------------------------------------------------------------------------------
> jetty version:
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L72]
> [CVE-2020-27216|https://github.com/advisories/GHSA-g3wg-6mcf-8jj6]
> Recommended upgrade version:
> 9.4.35.v20201120
> ---------------------------------------------------------------------------------------------------------
> mysql-connector-java version:
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L85]
> CVE-2017-3523 CVE-2018-3258 CVE-2017-3586
> Recommended upgrade version:
> 8.0.20
> ---------------------------------------------------------------------------------------------------------
> snakeyaml version
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L100]
> CVE-2017-18640
> Recommended upgrade version:
> 1.26
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@submarine.apache.org
For additional commands, e-mail: dev-help@submarine.apache.org