You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@doris.apache.org by GitBox <gi...@apache.org> on 2023/01/04 03:05:43 UTC
[GitHub] [doris] yangzan66 opened a new issue, #15587: [Feature] use newer jar versions to reduce vulnerabilities in the furture doris version
yangzan66 opened a new issue, #15587:
URL: https://github.com/apache/doris/issues/15587
### Search before asking
- [X] I had searched in the [issues](https://github.com/apache/doris/issues?q=is%3Aissue) and found no similar issues.
### Description
The following packages have java vulnerabilities in apache-doris-1.1.5:
apache-doris-fe/lib/jackson-databind-2.12.1.jar
apache_hdfs_broker/lib/jackson-databind-2.7.8.jar
apache_hdfs_broker/lib/jackson-databind-2.2.3.jar
apache-doris-fe-1.1.5-bin/lib/velocity-1.5.jar
apache-doris-fe-1.1.5-bin/lib/hadoop-common-2.8.0.jar
apache_hdfs_broker/lib/hadoop-common-2.8.3.jar
apache_hdfs_broker/lib/hadoop-common-2.9.1.jar
apache_hdfs_broker/lib/hadoop-common-2.7.3.jar
Can you use newer jar versions to reduce vulnerabilities in the furture doris version? thank you
### Use case
have java vulnerabilities
### Related issues
_No response_
### Are you willing to submit PR?
- [ ] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org