You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dolphinscheduler.apache.org by GitBox <gi...@apache.org> on 2021/01/20 03:17:26 UTC
[GitHub] [incubator-dolphinscheduler] QiAnXinCodeSafe opened a new issue #4503: There is a vulnerability in jackson 2.9.10,upgrade recommended
QiAnXinCodeSafe opened a new issue #4503:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4503
https://github.com/apache/incubator-dolphinscheduler/blob/17c06ce966fc5c6a6136ee142e4698312fe6532f/pom.xml#L68
CVE-2019-16942 CVE-2019-16943 CVE-2019-17531 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547
Recommended upgrade version:2.10.5.1
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-dolphinscheduler] CalvinKirs commented on issue #4503: There is a vulnerability in jackson 2.9.10,upgrade recommended
Posted by GitBox <gi...@apache.org>.
CalvinKirs commented on issue #4503:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4503#issuecomment-763522121
Because the upgrade involves license, you can refer to the following article to modify it: https://dolphinscheduler.apache.org/zh-cn/community/development/DS-License.html
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-dolphinscheduler] zhuangchong commented on issue #4503: There is a vulnerability in jackson 2.9.10,upgrade recommended
Posted by GitBox <gi...@apache.org>.
zhuangchong commented on issue #4503:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4503#issuecomment-763321596
+1
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-dolphinscheduler] woshiwuxiaofei commented on issue #4503: There is a vulnerability in jackson 2.9.10,upgrade recommended
Posted by GitBox <gi...@apache.org>.
woshiwuxiaofei commented on issue #4503:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4503#issuecomment-764138015
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-dolphinscheduler] dailidong closed issue #4503: There is a vulnerability in jackson 2.9.10,upgrade recommended
Posted by GitBox <gi...@apache.org>.
dailidong closed issue #4503:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4503
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-dolphinscheduler] woshiwuxiaofei commented on issue #4503: There is a vulnerability in jackson 2.9.10,upgrade recommended
Posted by GitBox <gi...@apache.org>.
woshiwuxiaofei commented on issue #4503:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4503#issuecomment-764138015
A programmer named `woshiwuxiaofei` is trying to practice this task first time.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-dolphinscheduler] woshiwuxiaofei commented on issue #4503: There is a vulnerability in jackson 2.9.10,upgrade recommended
Posted by GitBox <gi...@apache.org>.
woshiwuxiaofei commented on issue #4503:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4503#issuecomment-764493303
> https://github.com/apache/incubator-dolphinscheduler/blob/17c06ce966fc5c6a6136ee142e4698312fe6532f/pom.xml#L68
>
> [CVE-2019-16942](https://github.com/advisories/GHSA-mx7p-6679-8g3q) [CVE-2019-16943](https://github.com/advisories/GHSA-fmmc-742q-jg75) [CVE-2019-17531](https://github.com/advisories/GHSA-gjmw-vf9h-g25v) [CVE-2020-8840](https://github.com/advisories/GHSA-4w82-r329-3q67) [CVE-2020-9546](https://github.com/advisories/GHSA-5p34-5m6p-p58g) [CVE-2020-9547](https://github.com/advisories/GHSA-q93h-jc49-78gg)
>
> Recommended upgrade version:2.10.5.1
jackson-annotations-2.10.5.jar
jackson-core-2.10.5.jar
jackson-core-asl-1.9.13.jar
jackson-databind-2.10.5.jar
jackson-datatype-jdk8-2.9.10.jar
jackson-datatype-jsr310-2.9.10.jar
jackson-module-parameter-names-2.9.10.jar
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org