Posted to commits@cassandra.apache.org by "Brandon Williams (Jira)" <ji...@apache.org> on 2022/10/17 16:08:00 UTC

[jira] [Commented] (CASSANDRA-17965) cassandra-driver-core vulnerability CVE-2019-2684

    [ https://issues.apache.org/jira/browse/CASSANDRA-17965?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17618981#comment-17618981 ] 

Brandon Williams commented on CASSANDRA-17965:
----------------------------------------------

CVE-2019-2684 is a [JRE vulnerability|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684] that requires upgrading Java. I'm not sure why the driver is getting flagged (especially at this point in time), but all we can do is suppress.

||Branch||CI||
|[3.0|https://github.com/driftx/cassandra/tree/CASSANDRA-17965-3.0]|[circle|https://app.circleci.com/pipelines/github/driftx/cassandra/668/workflows/bd7d5a5f-07fe-439d-bd49-37df4c6803d4]|
|[3.11|https://github.com/driftx/cassandra/tree/CASSANDRA-17965-3.11]|[circle|https://app.circleci.com/pipelines/github/driftx/cassandra/671/workflows/fc7b9c12-861b-48d6-9100-3774bd8f1fd9]|
|[4.0|https://github.com/driftx/cassandra/tree/CASSANDRA-17965-4.0]|[circle|https://app.circleci.com/pipelines/github/driftx/cassandra/672/workflows/088b994e-66fe-4fef-9dca-03bc72fbccf4]|
|[4.1|https://github.com/driftx/cassandra/tree/CASSANDRA-17965-4.1]|[circle|https://app.circleci.com/pipelines/github/driftx/cassandra/670/workflows/f69b12b1-71ae-43e0-a441-cdb9fbe16da6]|
|[trunk|https://github.com/driftx/cassandra/tree/CASSANDRA-17965-trunk]|[circle|https://app.circleci.com/pipelines/github/driftx/cassandra/669/workflows/17fb4724-a0f0-4672-8453-71929bb96157]|



> cassandra-driver-core vulnerability CVE-2019-2684
> -------------------------------------------------
>
>                 Key: CASSANDRA-17965
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17965
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Dependencies
>            Reporter: Brandon Williams
>            Assignee: Brandon Williams
>            Priority: Normal
>             Fix For: 3.0.x, 3.11.x, 4.0.x, 4.1-beta2, 4.x
>
>
> As the summary says, CVE-2019-2684 affects cassandra-driver-core including both versions we use, 3.0.1 and 3.11.0.


