You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Stefan Miklosovic (Jira)" <ji...@apache.org> on 2021/09/24 14:27:00 UTC
[jira] [Commented] (CASSANDRA-15856) Security vulnerabilities with
dependency jars of Cassandra 3.11.6
[ https://issues.apache.org/jira/browse/CASSANDRA-15856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17419810#comment-17419810 ]
Stefan Miklosovic commented on CASSANDRA-15856:
-----------------------------------------------
Netty vulnerabilities are not applicable to Cassandra.
> Security vulnerabilities with dependency jars of Cassandra 3.11.6
> ------------------------------------------------------------------
>
> Key: CASSANDRA-15856
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15856
> Project: Cassandra
> Issue Type: Task
> Reporter: Kshitiz Saxena
> Priority: Normal
> Fix For: 3.11.x
>
>
> The latest release of Cassandra 3.11.6 has few dependency jars which have some security vulnerabilities.
>
> Apache Thrift (org.apache.thrift:libthrift:0.9.2) has below mentioned security vulnerabilities reported
> |+[https://nvd.nist.gov/vuln/detail/CVE-2016-5397]+|
> |+[https://nvd.nist.gov/vuln/detail/CVE-2018-1320]+|
> |+[https://nvd.nist.gov/vuln/detail/CVE-2019-0205]+|
>
> Netty Project (io.netty:netty-all:4.0.44.Final) has below mentioned security vulnerabilities reported
> |+[https://nvd.nist.gov/vuln/detail/CVE-2019-16869]+|
> |+[https://nvd.nist.gov/vuln/detail/CVE-2019-20444]+|
> |+[https://nvd.nist.gov/vuln/detail/CVE-2019-20445]+|
>
> Is there a plan to upgrade these jars in any upcoming release?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org