Posted to dev@submarine.apache.org by "Lisa Chang (Jira)" <ji...@apache.org> on 2020/12/18 09:17:00 UTC

[jira] [Updated] (SUBMARINE-696) Vulnerability upgrade recommended

     [ https://issues.apache.org/jira/browse/SUBMARINE-696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lisa Chang updated SUBMARINE-696:
---------------------------------
    Description: 
codehaus-jackson version:

[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L120]

[CVE-2017-15095|https://github.com/advisories/GHSA-h592-38cm-4ggp] [CVE-2018-7489|https://github.com/advisories/GHSA-cggj-fvv3-cqwv] [CVE-2019-14540|https://github.com/advisories/GHSA-h822-r4r5-v8jg] [CVE-2019-16335|https://github.com/advisories/GHSA-85cw-hj65-qqv9] [CVE-2019-17267|https://github.com/advisories/GHSA-f3j5-rmmp-3fc5] [CVE-2019-14893|https://github.com/advisories/GHSA-qmqc-x3r4-6v39] [CVE-2018-5968|https://github.com/advisories/GHSA-w3f4-3q6j-rh82] [CVE-2019-10172|https://github.com/advisories/GHSA-r6j9-8759-g62w] [CVE-2018-1000873|https://github.com/advisories/GHSA-h4x4-5qp2-wp46]

Recommended upgrade version: 2.6.7.4

---------------------------------------------------------------------------------------------------------

solr version:

[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/submarine-security/spark-security/pom.xml#L53]

[CVE-2019-0192|https://github.com/advisories/GHSA-xhcq-fv7x-grr2] [CVE-2017-3164|https://github.com/advisories/GHSA-vrh8-27q8-fr8f] [CVE-2019-0193|https://github.com/advisories/GHSA-3gm7-v7vw-866c] [CVE-2019-17558|https://github.com/advisories/GHSA-ww97-9w65-2crx] CVE-2020-13941

Recommended upgrade version:
 8.4.1.7.1.3.3-3

---------------------------------------------------------------------------------------------------------

spark version:

[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/submarine-security/spark-security/pom.xml#L54]

CVE-2020-9480

Recommended upgrade version:
 2.4.0.7.1.1.2007-6

---------------------------------------------------------------------------------------------------------

jetty version:

[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L72]

[CVE-2020-27216|https://github.com/advisories/GHSA-g3wg-6mcf-8jj6]

Recommended upgrade version:
 9.4.35.v20201120

---------------------------------------------------------------------------------------------------------

mysql-connector-java version:

[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L85]

CVE-2017-3523 CVE-2018-3258 CVE-2017-3586

Recommended upgrade version:
 8.0.20

---------------------------------------------------------------------------------------------------------

snakeyaml version:

[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L100]

CVE-2017-18640

Recommended upgrade version:

1.26

 

  was:
codehaus-jackson version:

[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L120]

[[CVE-2017-15095|https://github.com/advisories/GHSA-h592-38cm-4ggp]|https://github.com/advisories/GHSA-h592-38cm-4ggp] [[CVE-2018-7489|https://github.com/advisories/GHSA-cggj-fvv3-cqwv]|https://github.com/advisories/GHSA-cggj-fvv3-cqwv] [[CVE-2019-14540|https://github.com/advisories/GHSA-h822-r4r5-v8jg]|https://github.com/advisories/GHSA-h822-r4r5-v8jg] [[CVE-2019-16335|https://github.com/advisories/GHSA-85cw-hj65-qqv9]|https://github.com/advisories/GHSA-85cw-hj65-qqv9] [[CVE-2019-17267|https://github.com/advisories/GHSA-f3j5-rmmp-3fc5]|https://github.com/advisories/GHSA-f3j5-rmmp-3fc5] [[CVE-2019-14893|https://github.com/advisories/GHSA-qmqc-x3r4-6v39]|https://github.com/advisories/GHSA-qmqc-x3r4-6v39] [[CVE-2018-5968|https://github.com/advisories/GHSA-w3f4-3q6j-rh82]|https://github.com/advisories/GHSA-w3f4-3q6j-rh82] [[CVE-2019-10172|https://github.com/advisories/GHSA-r6j9-8759-g62w]|https://github.com/advisories/GHSA-r6j9-8759-g62w] [[CVE-2018-1000873|https://github.com/advisories/GHSA-h4x4-5qp2-wp46]|https://github.com/advisories/GHSA-h4x4-5qp2-wp46]
Recommended upgrade version:2.6.7.4

---------------------------------------------------------------------------------------------------------

solr version:

[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/submarine-security/spark-security/pom.xml#L53]

[[CVE-2019-0192|https://github.com/advisories/GHSA-xhcq-fv7x-grr2]|https://github.com/advisories/GHSA-xhcq-fv7x-grr2] [[CVE-2017-3164|https://github.com/advisories/GHSA-vrh8-27q8-fr8f]|https://github.com/advisories/GHSA-vrh8-27q8-fr8f] [[CVE-2019-0193|https://github.com/advisories/GHSA-3gm7-v7vw-866c]|https://github.com/advisories/GHSA-3gm7-v7vw-866c] [[CVE-2019-17558|https://github.com/advisories/GHSA-ww97-9w65-2crx]|https://github.com/advisories/GHSA-ww97-9w65-2crx] CVE-2020-13941
Recommended upgrade version:
8.4.1.7.1.3.3-3

---------------------------------------------------------------------------------------------------------

spark version:

[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/submarine-security/spark-security/pom.xml#L54]

CVE-2020-9480

Recommended upgrade version:
2.4.0.7.1.1.2007-6

---------------------------------------------------------------------------------------------------------

jetty version:

[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L72]

[CVE-2020-27216|https://github.com/advisories/GHSA-g3wg-6mcf-8jj6]

Recommended upgrade version:
9.4.35.v20201120

---------------------------------------------------------------------------------------------------------

mysql-connector-java version:

[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L85]

CVE-2017-3523 CVE-2018-3258 CVE-2017-3586

Recommended upgrade version:
8.0.20

---------------------------------------------------------------------------------------------------------

snakeyaml version

[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L100]

CVE-2017-18640

Recommended upgrade version:

1.26

 


> Vulnerability upgrade recommended
> ---------------------------------
>
>                 Key: SUBMARINE-696
>                 URL: https://issues.apache.org/jira/browse/SUBMARINE-696
>             Project: Apache Submarine
>          Issue Type: Improvement
>            Reporter: Lisa Chang
>            Priority: Trivial


