You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@dolphinscheduler.apache.org by GitBox <gi...@apache.org> on 2022/09/11 11:36:04 UTC

[GitHub] [dolphinscheduler] pjfanning opened a new issue, #11897: [Bug] upgrade to spring 5.3.20+ due to CVE-2022-22970 and CVE-2022-22971

pjfanning opened a new issue, #11897:
URL: https://github.com/apache/dolphinscheduler/issues/11897

   ### Search before asking
   
   - [X] I had searched in the [issues](https://github.com/apache/dolphinscheduler/issues?q=is%3Aissue) and found no similar issues.
   
   
   ### What happened
   
   dependabot found 2 security issues
   
   * https://github.com/advisories/GHSA-hh26-6xwr-ggv7
   * https://github.com/advisories/GHSA-rqph-vqwm-22vc
   
   ### What you expected to happen
   
   secure libs used
   
   ### How to reproduce
   
   dependabot build
   
   ### Anything else
   
   _No response_
   
   ### Version
   
   dev
   
   ### Are you willing to submit PR?
   
   - [ ] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@dolphinscheduler.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [dolphinscheduler] github-actions[bot] commented on issue #11897: [Bug] upgrade to spring 5.3.20+ due to CVE-2022-22970 and CVE-2022-22971

Posted by GitBox <gi...@apache.org>.

github-actions[bot] commented on issue #11897:
URL: https://github.com/apache/dolphinscheduler/issues/11897#issuecomment-1242945480

   Thank you for your feedback, we have received your issue, Please wait patiently for a reply.
   * In order for us to understand your request as soon as possible, please provide detailed information、version or pictures.
   * If you haven't received a reply for a long time, you can [join our slack](https://s.apache.org/dolphinscheduler-slack) and send your question to channel `#troubleshooting`


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [dolphinscheduler] kezhenxu94 closed issue #11897: [Bug] upgrade to spring 5.3.20+ due to CVE-2022-22970 and CVE-2022-22971

Posted by GitBox <gi...@apache.org>.

kezhenxu94 closed issue #11897: [Bug] upgrade to spring 5.3.20+ due to CVE-2022-22970 and CVE-2022-22971
URL: https://github.com/apache/dolphinscheduler/issues/11897


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org