Posted to dev@atlas.apache.org by chaitali <ch...@freestoneinfotech.com> on 2020/10/22 13:38:28 UTC

Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72983/
-----------------------------------------------------------

(Updated Oct. 22, 2020, 1:38 p.m.)


Review request for atlas, Ashutosh Mestry, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues, and Sarath Subramanian.


Bugs: ATLAS-4002
    https://issues.apache.org/jira/browse/ATLAS-4002


Repository: atlas


Description
-------

Atlas is currently pulling in commons-beanutils 1.9.3 through atlas-repository

We need to update opencsv jar version to 5.0 for the same

Upgrading opencsv jar to 5.0

commons-beanutils <1.9.4 is vulnerable to CVE-2019-10086

...
[INFO] +- com.opencsv:opencsv:jar:4.6:compile
[INFO] |  +- org.apache.commons:commons-text:jar:1.3:compile
[INFO] |  +- commons-beanutils:commons-beanutils:jar:1.9.3:compile
[INFO] |  \- org.apache.commons:commons-collections4:jar:4.4:compile


Diffs
-----

  pom.xml b9242016b 
  repository/src/main/java/org/apache/atlas/util/FileUtils.java 66ade2640 


Diff: https://reviews.apache.org/r/72983/diff/1/


Testing
-------

Tested with bulk upload feature for Businessmetadata and glossary


Thanks,

chaitali


Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086

Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72983/#review222098
-----------------------------------------------------------


Ship It!

- Madhan Neethiraj


On Oct. 22, 2020, 1:38 p.m., chaitali wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72983/
> -----------------------------------------------------------
> 
> (Updated Oct. 22, 2020, 1:38 p.m.)
> 
> 
> Review request for atlas, Ashutosh Mestry, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues, and Sarath Subramanian.
> 
> 
> Bugs: ATLAS-4002
>     https://issues.apache.org/jira/browse/ATLAS-4002
> 
> 
> Repository: atlas
> 
> 
> Description
> -------
> 
> Atlas is currently pulling in commons-beanutils 1.9.3 through atlas-repository
> 
> We need to update opencsv jar version to 5.0 for the same
> 
> Upgrading opencsv jar to 5.0
> 
> commons-beanutils <1.9.4 is vulnerable to CVE-2019-10086
> 
> ...
> [INFO] +- com.opencsv:opencsv:jar:4.6:compile
> [INFO] |  +- org.apache.commons:commons-text:jar:1.3:compile
> [INFO] |  +- commons-beanutils:commons-beanutils:jar:1.9.3:compile
> [INFO] |  \- org.apache.commons:commons-collections4:jar:4.4:compile
> 
> 
> Diffs
> -----
> 
>   pom.xml b9242016b 
>   repository/src/main/java/org/apache/atlas/util/FileUtils.java 66ade2640 
> 
> 
> Diff: https://reviews.apache.org/r/72983/diff/1/
> 
> 
> Testing
> -------
> 
> Tested with bulk upload feature for Businessmetadata and glossary
> 
> 
> Thanks,
> 
> chaitali
> 
>


Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086

Posted by Sarath Subramanian <sa...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72983/#review222103
-----------------------------------------------------------


Ship It!

- Sarath Subramanian


On Oct. 22, 2020, 6:38 a.m., chaitali wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72983/
> -----------------------------------------------------------
> 
> (Updated Oct. 22, 2020, 6:38 a.m.)
> 
> 
> Review request for atlas, Ashutosh Mestry, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues, and Sarath Subramanian.
> 
> 
> Bugs: ATLAS-4002
>     https://issues.apache.org/jira/browse/ATLAS-4002
> 
> 
> Repository: atlas
> 
> 
> Description
> -------
> 
> Atlas is currently pulling in commons-beanutils 1.9.3 through atlas-repository
> 
> We need to update opencsv jar version to 5.0 for the same
> 
> Upgrading opencsv jar to 5.0
> 
> commons-beanutils <1.9.4 is vulnerable to CVE-2019-10086
> 
> ...
> [INFO] +- com.opencsv:opencsv:jar:4.6:compile
> [INFO] |  +- org.apache.commons:commons-text:jar:1.3:compile
> [INFO] |  +- commons-beanutils:commons-beanutils:jar:1.9.3:compile
> [INFO] |  \- org.apache.commons:commons-collections4:jar:4.4:compile
> 
> 
> Diffs
> -----
> 
>   pom.xml b9242016b 
>   repository/src/main/java/org/apache/atlas/util/FileUtils.java 66ade2640 
> 
> 
> Diff: https://reviews.apache.org/r/72983/diff/1/
> 
> 
> Testing
> -------
> 
> Tested with bulk upload feature for Businessmetadata and glossary
> 
> 
> Thanks,
> 
> chaitali
> 
>


Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086

Posted by chaitali <ch...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72983/
-----------------------------------------------------------

(Updated Oct. 23, 2020, 9:20 a.m.)


Review request for atlas, Ashutosh Mestry, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues, and Sarath Subramanian.


Bugs: ATLAS-4002
    https://issues.apache.org/jira/browse/ATLAS-4002


Repository: atlas


Description
-------

Atlas is currently pulling in commons-beanutils 1.9.3 through atlas-repository

We need to update opencsv jar version to 5.0 for the same

Upgrading opencsv jar to 5.0

commons-beanutils <1.9.4 is vulnerable to CVE-2019-10086

...
[INFO] +- com.opencsv:opencsv:jar:4.6:compile
[INFO] |  +- org.apache.commons:commons-text:jar:1.3:compile
[INFO] |  +- commons-beanutils:commons-beanutils:jar:1.9.3:compile
[INFO] |  \- org.apache.commons:commons-collections4:jar:4.4:compile


Diffs
-----

  pom.xml b9242016b 
  repository/src/main/java/org/apache/atlas/util/FileUtils.java 66ade2640 


Diff: https://reviews.apache.org/r/72983/diff/1/


Testing (updated)
-------

Tested with bulk upload feature for Businessmetadata and glossary
https://ci-builds.apache.org/job/Atlas/job/PreCommit-ATLAS-Build-Test/122/consoleFull


Thanks,

chaitali
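

Added example (not part of the review request or the Atlas code base): the description above finds commons-beanutils 1.9.3 by reading a dependency tree, and this sketch automates that check by reporting which declared dependency pulls in a version older than the fixed one. The sample tree is constructed from the excerpt in the request; the root version and `org.example:other-lib` are placeholders, and the parser assumes Maven's standard text layout for `mvn dependency:tree`.

```python
import re

# Constructed sample of `mvn dependency:tree` output, modelled on the excerpt in
# the review request; the root version and org.example:other-lib are placeholders.
SAMPLE_TREE = r"""
[INFO] org.apache.atlas:atlas-repository:jar:0.0.0-EXAMPLE
[INFO] +- com.opencsv:opencsv:jar:4.6:compile
[INFO] |  +- org.apache.commons:commons-text:jar:1.3:compile
[INFO] |  +- commons-beanutils:commons-beanutils:jar:1.9.3:compile
[INFO] |  \- org.apache.commons:commons-collections4:jar:4.4:compile
[INFO] \- org.example:other-lib:jar:2.0:compile
[INFO]    \- commons-beanutils:commons-beanutils:jar:1.9.4:compile
"""

# Nesting prefix ("|  " or "   " per level), then "+- " or "\- ", then the coordinate.
NODE = re.compile(r"^\[INFO\] ((?:[| ] {2})*)[+\\]- (\S+)")


def version_tuple(version):
    """Numeric components only: '1.9.3' -> (1, 9, 3); qualifiers are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def find_below(tree_text, group_artifact, fixed_version):
    """Return (version, path) for each node of group_artifact older than fixed_version.

    path runs from the declared (direct) dependency down to the match.
    """
    fixed = version_tuple(fixed_version)
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # root line, blank lines, other Maven log output
        depth = len(m.group(1)) // 3  # each nesting level is three characters wide
        coord = m.group(2)
        del stack[depth:]  # leave the previous branch
        stack.append(coord)
        parts = coord.split(":")  # group:artifact:type[:classifier]:version:scope
        if ":".join(parts[:2]) == group_artifact:
            version = parts[-2]
            if version_tuple(version) < fixed:
                hits.append((version, list(stack)))
    return hits


if __name__ == "__main__":
    for ver, path in find_below(SAMPLE_TREE, "commons-beanutils:commons-beanutils", "1.9.4"):
        print(ver, "via", " -> ".join(path))
```

Run against a real build by passing the captured output of `mvn dependency:tree` as `tree_text`; an empty result means no resolved copy of the artifact is below the fixed version.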