Posted to commits@hudi.apache.org by "Ethan Guo (Jira)" <ji...@apache.org> on 2022/06/08 05:45:00 UTC
[jira] [Updated] (HUDI-3819) upgrade spring cve-2022-22965
[ https://issues.apache.org/jira/browse/HUDI-3819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ethan Guo updated HUDI-3819:
----------------------------
Fix Version/s: 0.12.0
(was: 0.11.1)
> upgrade spring cve-2022-22965
> -----------------------------
>
> Key: HUDI-3819
> URL: https://issues.apache.org/jira/browse/HUDI-3819
> Project: Apache Hudi
> Issue Type: Bug
> Components: cli
> Affects Versions: 0.9.0, 0.10.1
> Reporter: Jason-Morries Adam
> Assignee: Sagar Sumit
> Priority: Blocker
> Labels: pull-request-available
> Fix For: 0.12.0
>
>
> We should upgrade the Spring Framework version in Hudi CLI because of CVE-2022-22965. The Qualys Scanner finds these packages and raises a warning because of the existence of these files on the system.
> The found files are:
> /usr/lib/hudi/cli/lib/spring-beans-4.2.4.RELEASE.jar
> /usr/lib/hudi/cli/lib/spring-core-4.2.4.RELEASE.jar
> More Information:
> Spring Framework: https://spring.io/projects/spring-framework
> Spring project spring-framework release notes: https://github.com/spring-projects/spring-framework/releases
> CVE-2022-22965: https://tanzu.vmware.com/security/cve-2022-22965
--
This message was sent by Atlassian Jira
(v8.20.7#820007)