You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@atlas.apache.org by "chaitali borole (Jira)" <ji...@apache.org> on 2020/10/22 05:46:00 UTC
[jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4
due to CVE-2019-10086
chaitali borole created ATLAS-4002:
--------------------------------------
Summary: Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086
Key: ATLAS-4002
URL: https://issues.apache.org/jira/browse/ATLAS-4002
Project: Atlas
Issue Type: Improvement
Reporter: chaitali borole
Assignee: chaitali borole
Atlas is currently pulling in commons-beanutils 1.9.3 through atlas-repository
We need to update opencsv jar version to 5.0 for the same
commons-beanutils <1.9.4 is vulnerable to CVE-2019-10086
...
[INFO] +- com.opencsv:opencsv:jar:4.6:compile
[INFO] | +- org.apache.commons:commons-text:jar:1.3:compile
[INFO] | +- commons-beanutils:commons-beanutils:jar:1.9.3:compile
[INFO] | \- org.apache.commons:commons-collections4:jar:4.4:compile
...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)