Posted to commits@dolphinscheduler.apache.org by GitBox <gi...@apache.org> on 2020/12/02 08:19:16 UTC

[GitHub] [incubator-dolphinscheduler] QiAnXinCodeSafe opened a new issue #4144: There is a vulnerability in jackson-databind 2.9.8 ,upgrade recommended

QiAnXinCodeSafe opened a new issue #4144:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4144


   https://github.com/apache/incubator-dolphinscheduler/blob/aa0974fd1f759e96430d3f1b8dac291d6ea7388c/pom.xml#L68
   
   CVE-2019-14379 CVE-2019-14540 CVE-2019-16335 CVE-2019-16942 CVE-2019-16943
   Recommended upgrade version:
   2.9.10.6
   
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [incubator-dolphinscheduler] CalvinKirs closed issue #4144: There is a vulnerability in jackson-databind 2.9.8 ,upgrade recommended

Posted by GitBox <gi...@apache.org>.
CalvinKirs closed issue #4144:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4144


   





[GitHub] [incubator-dolphinscheduler] kevinsun2010 commented on issue #4144: There is a vulnerability in jackson-databind 2.9.8 ,upgrade recommended

Posted by GitBox <gi...@apache.org>.
kevinsun2010 commented on issue #4144:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4144#issuecomment-737585416


   I want to fix it





[GitHub] [incubator-dolphinscheduler] CalvinKirs commented on issue #4144: There is a vulnerability in jackson-databind 2.9.8 ,upgrade recommended

Posted by GitBox <gi...@apache.org>.
CalvinKirs commented on issue #4144:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4144#issuecomment-737129677


   How to modify:
   Modify the corresponding jar version in the incubator-dolphinscheduler/pom.xml.
   Modify the version of the corresponding jar in tools/dependencies/known-dependencies.txt.
   Modify the relevant jar version in the dolphinscheduler-dist/release-docs/LICENSE file.
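
A consistency check for the three files named in the comment above, written as an added example that is not part of the original thread or the project's code. The `jackson.version` property name, the `<artifact>-<version>.jar` line format, the `<artifact> <version>:` LICENSE line format and all sample contents are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ARTIFACT = "jackson-databind"
# Constructed sample contents; the real file layouts are assumed, not copied from the repo.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><jackson.version>2.9.10.6</jackson.version></properties>
</project>"""
SAMPLE_KNOWN_DEPS = "jackson-core-2.9.10.jar\njackson-databind-2.9.8.jar\n"
SAMPLE_LICENSE = "    jackson-databind 2.9.10.6: https://example.invalid/placeholder, Apache 2.0\n"

def pom_version(pom_text, prop="jackson.version"):
    """Read a version property from pom.xml (the property name is an assumption)."""
    root = ET.fromstring(pom_text)
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == prop:  # drop the XML namespace prefix
            return (el.text or "").strip()
    return None

def listed_version(text, pattern):
    """Return the single version matched by pattern, or None if absent or ambiguous."""
    found = set(re.findall(pattern, text, flags=re.MULTILINE))
    return found.pop() if len(found) == 1 else None

def check(pom, known_deps, license_text, artifact=ARTIFACT):
    """Collect the version each file declares and list files that disagree with pom.xml."""
    name = re.escape(artifact)
    versions = {
        "pom.xml": pom_version(pom),
        "known-dependencies.txt": listed_version(known_deps, rf"^{name}-(\d[\w.]*)\.jar$"),
        "LICENSE": listed_version(license_text, rf"^\s*{name} (\d[\w.]*):"),
    }
    expected = versions["pom.xml"]
    stale = sorted(f for f, v in versions.items() if v != expected)
    return versions, stale

if __name__ == "__main__":
    versions, stale = check(SAMPLE_POM, SAMPLE_KNOWN_DEPS, SAMPLE_LICENSE)
    for fname, v in versions.items():
        print(f"{fname:24} {v}")
    print("out of sync:", stale or "none")
```

A file left at the old version after the pom.xml bump shows up in the `stale` list, which makes the check usable as a CI gate for dependency upgrades.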





[GitHub] [incubator-dolphinscheduler] CalvinKirs commented on issue #4144: There is a vulnerability in jackson-databind 2.9.8 ,upgrade recommended

Posted by GitBox <gi...@apache.org>.
CalvinKirs commented on issue #4144:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4144#issuecomment-737125215


   > https://github.com/apache/incubator-dolphinscheduler/blob/aa0974fd1f759e96430d3f1b8dac291d6ea7388c/pom.xml#L68
   > 
   > [CVE-2019-14379](https://github.com/advisories/GHSA-6fpp-rgj9-8rwc) [CVE-2019-14540](https://github.com/advisories/GHSA-h822-r4r5-v8jg) [CVE-2019-16335](https://github.com/advisories/GHSA-85cw-hj65-qqv9) [CVE-2019-16942](https://github.com/advisories/GHSA-mx7p-6679-8g3q) [CVE-2019-16943](https://github.com/advisories/GHSA-fmmc-742q-jg75)
   > Recommended upgrade version:
   > 2.9.10.6
   
   Thank you so much for your feedback

