You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@impala.apache.org by "Joe McDonnell (Jira)" <ji...@apache.org> on 2022/04/06 16:23:00 UTC

[jira] [Created] (IMPALA-11229) Upgrade spring version to 5.3.17 to address CVEs

Joe McDonnell created IMPALA-11229:
--------------------------------------

             Summary: Upgrade spring version to 5.3.17 to address CVEs
                 Key: IMPALA-11229
                 URL: https://issues.apache.org/jira/browse/IMPALA-11229
             Project: IMPALA
          Issue Type: Task
          Components: Frontend
    Affects Versions: Impala 4.1.0
            Reporter: Joe McDonnell


The current version of Spring that we use is subject to some vulnerabilities that were announced recently (CVE-2022-22965, CVE-2022-22950, CVE-2021-22060). We should upgrade to 5.3.17 to address these CVEs.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)