Posted to dev@tinkerpop.apache.org by "justinchuch (GitHub)" <gi...@apache.org> on 2019/09/23 18:30:00 UTC

[GitHub] [tinkerpop] justinchuch opened pull request #1198: Upgrade commons-compress to version 1.19 due to CVE-2018-11881

According to sourceclear:

https://www.sourceclear.com/vulnerability-database/security/denial-of-service-dos-/java/sid-7319

`commons-compress` is vulnerable to denial of service (DoS) attacks.

Although it looks like `hadoop-gremlin` does not use the library directly, it may still be worth upgrading it.

I ran `docker/build.sh -t -i` locally, and the Reactor Summary reports `BUILD SUCCESS`.


[ Full content available at: https://github.com/apache/tinkerpop/pull/1198 ]
This message was relayed via gitbox.apache.org for dev@tinkerpop.apache.org

[GitHub] [tinkerpop] justinchuch commented on issue #1198: Upgrade commons-compress to version 1.19 due to CVE-2018-11881

Posted by "justinchuch (GitHub)" <gi...@apache.org>.
I am so sorry, there was a typo in the branch name and the commit.
To avoid confusion, I have decided to close this PR #1198 and create PR #1199 again with the correct CVE issue entry. Apologies for any inconvenience caused.


[GitHub] [tinkerpop] justinchuch closed pull request #1198: Upgrade commons-compress to version 1.19 due to CVE-2018-11881

Posted by "justinchuch (GitHub)" <gi...@apache.org>.
[ pull request closed by justinchuch ]
