You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@submarine.apache.org by "Lisa Chang (Jira)" <ji...@apache.org> on 2020/12/18 09:16:00 UTC
[jira] [Created] (SUBMARINE-696) Vulnerability upgrade recommended
Lisa Chang created SUBMARINE-696:
------------------------------------
Summary: Vulnerability upgrade recommended
Key: SUBMARINE-696
URL: https://issues.apache.org/jira/browse/SUBMARINE-696
Project: Apache Submarine
Issue Type: Improvement
Reporter: Lisa Chang
codehaus-jackson version:
[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L120]
[[CVE-2017-15095|https://github.com/advisories/GHSA-h592-38cm-4ggp]|https://github.com/advisories/GHSA-h592-38cm-4ggp] [[CVE-2018-7489|https://github.com/advisories/GHSA-cggj-fvv3-cqwv]|https://github.com/advisories/GHSA-cggj-fvv3-cqwv] [[CVE-2019-14540|https://github.com/advisories/GHSA-h822-r4r5-v8jg]|https://github.com/advisories/GHSA-h822-r4r5-v8jg] [[CVE-2019-16335|https://github.com/advisories/GHSA-85cw-hj65-qqv9]|https://github.com/advisories/GHSA-85cw-hj65-qqv9] [[CVE-2019-17267|https://github.com/advisories/GHSA-f3j5-rmmp-3fc5]|https://github.com/advisories/GHSA-f3j5-rmmp-3fc5] [[CVE-2019-14893|https://github.com/advisories/GHSA-qmqc-x3r4-6v39]|https://github.com/advisories/GHSA-qmqc-x3r4-6v39] [[CVE-2018-5968|https://github.com/advisories/GHSA-w3f4-3q6j-rh82]|https://github.com/advisories/GHSA-w3f4-3q6j-rh82] [[CVE-2019-10172|https://github.com/advisories/GHSA-r6j9-8759-g62w]|https://github.com/advisories/GHSA-r6j9-8759-g62w] [[CVE-2018-1000873|https://github.com/advisories/GHSA-h4x4-5qp2-wp46]|https://github.com/advisories/GHSA-h4x4-5qp2-wp46]
Recommended upgrade version:2.6.7.4
---------------------------------------------------------------------------------------------------------
solr version:
[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/submarine-security/spark-security/pom.xml#L53]
[[CVE-2019-0192|https://github.com/advisories/GHSA-xhcq-fv7x-grr2]|https://github.com/advisories/GHSA-xhcq-fv7x-grr2] [[CVE-2017-3164|https://github.com/advisories/GHSA-vrh8-27q8-fr8f]|https://github.com/advisories/GHSA-vrh8-27q8-fr8f] [[CVE-2019-0193|https://github.com/advisories/GHSA-3gm7-v7vw-866c]|https://github.com/advisories/GHSA-3gm7-v7vw-866c] [[CVE-2019-17558|https://github.com/advisories/GHSA-ww97-9w65-2crx]|https://github.com/advisories/GHSA-ww97-9w65-2crx] CVE-2020-13941
Recommended upgrade version:
8.4.1.7.1.3.3-3
---------------------------------------------------------------------------------------------------------
spark version:
[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/submarine-security/spark-security/pom.xml#L54]
CVE-2020-9480
Recommended upgrade version:
2.4.0.7.1.1.2007-6
---------------------------------------------------------------------------------------------------------
jetty version:
[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L72]
[CVE-2020-27216|https://github.com/advisories/GHSA-g3wg-6mcf-8jj6]
Recommended upgrade version:
9.4.35.v20201120
---------------------------------------------------------------------------------------------------------
mysql-connector-java version:
[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L85]
CVE-2017-3523 CVE-2018-3258 CVE-2017-3586
Recommended upgrade version:
8.0.20
---------------------------------------------------------------------------------------------------------
snakeyaml version
[https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L100]
CVE-2017-18640
Recommended upgrade version:
1.26
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@submarine.apache.org
For additional commands, e-mail: dev-help@submarine.apache.org