Posted to commits@tinkerpop.apache.org by GitBox <gi...@apache.org> on 2019/09/23 20:11:40 UTC

[GitHub] [tinkerpop] justinchuch opened a new pull request #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771

justinchuch opened a new pull request #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771
URL: https://github.com/apache/tinkerpop/pull/1199
 
 
   **CVE-2018-11771**
   
   According to sourceclear:
   
   https://www.sourceclear.com/vulnerability-database/security/denial-of-service-dos-/java/sid-7319
   
   `commons-compress` is vulnerable to denial of service (DoS) attacks.
   
   Although it looks like `hadoop-gremlin` does not use the library directly, it may still be worth upgrading it.
   
   Ran `docker/build.sh -t -i` on my local machine, and the Reactor Summary reports `BUILD SUCCESS`.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services