You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@iotdb.apache.org by "Xiangdong Huang (Jira)" <ji...@apache.org> on 2021/10/05 03:00:07 UTC
[jira] [Created] (IOTDB-1792) fix CVE issues caused by dependencies
Xiangdong Huang created IOTDB-1792:
--------------------------------------
Summary: fix CVE issues caused by dependencies
Key: IOTDB-1792
URL: https://issues.apache.org/jira/browse/IOTDB-1792
Project: Apache IoTDB
Issue Type: Task
Reporter: Xiangdong Huang
As IoTDB-session depends libthrift, which depends tomcat-embed, there may be some CVE issues.
Besides, some the version of some transitive dependencies are not consistent, e.g., httpclient 4.5.13 and 4.5.12
So, we need to upgrade dependencies and let the following check passed:
mvn validate -P enforce
--
This message was sent by Atlassian Jira
(v8.3.4#803005)