Posted to commits@doris.apache.org by GitBox <gi...@apache.org> on 2022/10/13 02:52:48 UTC

[GitHub] [doris] lxxawfl opened a new pull request, #13340: fix(sec): upgrade com.alibaba:fastjson to 1.2.83

lxxawfl opened a new pull request, #13340:
URL: https://github.com/apache/doris/pull/13340

   ### What happened?
   There are 3 security vulnerabilities found in com.alibaba:fastjson 1.2.62
   - [CVE-2022-25845](https://www.oscs1024.com/hd/CVE-2022-25845)
   - [MPS-2020-39708](https://www.oscs1024.com/hd/MPS-2020-39708)
   - [MPS-2020-40828](https://www.oscs1024.com/hd/MPS-2020-40828)
   
   
   ### What did I do?
   Upgrade com.alibaba:fastjson from 1.2.62 to 1.2.83 for vulnerability fix
   
   ### What did you expect to happen?
   Ideally, no insecure libs should be used.
   
   ### The specification of the pull request
   [PR Specification](https://www.oscs1024.com/docs/pr-specification/) from OSCS


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org


[GitHub] [doris] github-actions[bot] commented on pull request #13340: [fix](sec): upgrade com.alibaba:fastjson to 1.2.83

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #13340:
URL: https://github.com/apache/doris/pull/13340#issuecomment-1520976860

   We're closing this PR because it hasn't been updated in a while.
   This isn't a judgement on the merit of the PR in any way. It's just a way of keeping the PR queue manageable.
   If you'd like to revive this PR, please reopen it and feel free to ask a maintainer to remove the Stale tag!




[GitHub] [doris] github-actions[bot] closed pull request #13340: [fix](sec): upgrade com.alibaba:fastjson to 1.2.83

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] closed pull request #13340: [fix](sec): upgrade com.alibaba:fastjson to 1.2.83
URL: https://github.com/apache/doris/pull/13340

