You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@dolphinscheduler.apache.org by GitBox <gi...@apache.org> on 2021/01/20 05:46:45 UTC

[GitHub] [incubator-dolphinscheduler] QiAnXinCodeSafe opened a new issue #4506: There is a vulnerability in beanutils 1.7.0,upgrade recommended

QiAnXinCodeSafe opened a new issue #4506:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4506


   https://github.com/apache/incubator-dolphinscheduler/blob/17c06ce966fc5c6a6136ee142e4698312fe6532f/pom.xml#L84
   
   CVE-2014-0114  CVE-2019-10086
   
   Recommended upgrade version：1.8.0~beta-1


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-dolphinscheduler] lgcareer closed issue #4506: There is a vulnerability in beanutils 1.7.0,upgrade recommended

Posted by GitBox <gi...@apache.org>.

lgcareer closed issue #4506:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4506


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-dolphinscheduler] c-f-cooper commented on issue #4506: There is a vulnerability in beanutils 1.7.0,upgrade recommended

Posted by GitBox <gi...@apache.org>.

c-f-cooper commented on issue #4506:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4506#issuecomment-764639990






----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-dolphinscheduler] CalvinKirs commented on issue #4506: There is a vulnerability in beanutils 1.7.0,upgrade recommended

Posted by GitBox <gi...@apache.org>.

CalvinKirs commented on issue #4506:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4506#issuecomment-763522257


   Because the upgrade involves license, you can refer to the following article to modify it: https://dolphinscheduler.apache.org/zh-cn/community/development/DS-License.html


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-dolphinscheduler] c-f-cooper commented on issue #4506: There is a vulnerability in beanutils 1.7.0,upgrade recommended

Posted by GitBox <gi...@apache.org>.

c-f-cooper commented on issue #4506:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4506#issuecomment-764648240


   https://github.com/apache/incubator-dolphinscheduler/pull/4525


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-dolphinscheduler] c-f-cooper commented on issue #4506: There is a vulnerability in beanutils 1.7.0,upgrade recommended

Posted by GitBox <gi...@apache.org>.

c-f-cooper commented on issue #4506:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4506#issuecomment-763529470


   please assign to me


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-dolphinscheduler] c-f-cooper commented on issue #4506: There is a vulnerability in beanutils 1.7.0,upgrade recommended

Posted by GitBox <gi...@apache.org>.

c-f-cooper commented on issue #4506:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4506#issuecomment-764639990


   > CVE-2014-0114
   
   Hi~ ，I find the version of commons-beanutils is 1.8.0-BETA in the Maven Central Repository only.but not found 1.8.0~beta-1


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-dolphinscheduler] lgcareer closed issue #4506: There is a vulnerability in beanutils 1.7.0,upgrade recommended

Posted by GitBox <gi...@apache.org>.

lgcareer closed issue #4506:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/4506


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org