Posted to notifications@iotdb.apache.org by "Xiangdong Huang (Jira)" <ji...@apache.org> on 2021/10/05 03:00:07 UTC

[jira] [Created] (IOTDB-1792) fix CVE issues caused by dependencies

Xiangdong Huang created IOTDB-1792:
--------------------------------------

             Summary: fix CVE issues caused by dependencies
                 Key: IOTDB-1792
                 URL: https://issues.apache.org/jira/browse/IOTDB-1792
             Project: Apache IoTDB
          Issue Type: Task
            Reporter: Xiangdong Huang


As IoTDB-session depends on libthrift, which depends on tomcat-embed, there may be some CVE issues.

Besides, the versions of some transitive dependencies are not consistent, e.g., httpclient 4.5.13 and 4.5.12.

So, we need to upgrade dependencies and make the following check pass:

mvn validate -P enforce




--
This message was sent by Atlassian Jira
(v8.3.4#803005)