Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2021/08/10 18:45:49 UTC

[GitHub] [druid] jon-wei opened a new pull request #11572: Suppress CVEs for jdom2, kafka-clients, libthrift, solr-solrj

jon-wei opened a new pull request #11572:
URL: https://github.com/apache/druid/pull/11572


   This PR suppresses the current reported CVEs, with reasoning in the suppression file:
   
   ```
   [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': 
   [ERROR] 
   [ERROR] jdom2-2.0.6.jar: CVE-2021-33813
   [ERROR] kafka-clients-2.0.0.jar: CVE-2019-12399, CVE-2018-17196
   [ERROR] libthrift-0.13.0.jar: CVE-2020-13949
   [ERROR] solr-solrj-7.7.1.jar: CVE-2021-29943, CVE-2021-27905, CVE-2021-29262
   ```
   
   This PR has:
   - [x] been self-reviewed.
   - [ ] added documentation for new or modified features or behaviors.
   - [ ] added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
   - [ ] added or updated version, license, or notice information in [licenses.yaml](https://github.com/apache/druid/blob/master/dev/license.md)
   - [x] added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
   - [ ] added unit tests or modified existing tests to cover new code paths, ensuring the threshold for [code coverage](https://github.com/apache/druid/blob/master/dev/code-review/code-coverage.md) is met.
   - [ ] added integration tests.
   - [ ] been tested in a test Druid cluster.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org


[GitHub] [druid] abhishekagarwal87 merged pull request #11572: Suppress CVEs for jdom2, kafka-clients, libthrift, solr-solrj

Posted by GitBox <gi...@apache.org>.
abhishekagarwal87 merged pull request #11572:
URL: https://github.com/apache/druid/pull/11572


   

