You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2019/12/19 21:39:48 UTC

[GitHub] [incubator-druid] averma111 opened a new issue #9079: Incompatible JARS while Running Apache Druid 0.16 on GKE , Jenkins Twistlock Vulnerabilities

averma111 opened a new issue #9079: Incompatible JARS while Running Apache Druid 0.16 on GKE , Jenkins Twistlock Vulnerabilities 
URL: https://github.com/apache/incubator-druid/issues/9079
 
 
   The Devops team today have come up with Twistlock Vulnerabilities which are 49 in total number for Druid running on GKE.
   
   ### Affected Version
   
   0.16
   
   ### Description
   
   Please include as much detailed information about the problem as possible.
   - Cluster size--Single instance micro quick start
   - Configurations in use--default configuration
   - Steps to reproduce the problem--No Idea
   One of the example I am sharing below
   
   **com.fasterxml.jackson.core_jackson-databind   Package version :2.4.0 Fixed version:2.9.7**
   
   Description which is mentioned is below.
   
   FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
   
   
   Does future Druid version is fixing this type of issue.
   
   Thanks,
   Ashish

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org

[GitHub] [druid] stale[bot] commented on issue #9079: Incompatible JARS while Running Apache Druid 0.16 on GKE , Jenkins Twistlock Vulnerabilities

Posted by GitBox <gi...@apache.org>.

stale[bot] commented on issue #9079:
URL: https://github.com/apache/druid/issues/9079#issuecomment-703196524


   This issue has been marked as stale due to 280 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the dev@druid.apache.org list. Thank you for your contributions.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org