You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tinkerpop.apache.org by GitBox <gi...@apache.org> on 2019/09/24 01:39:49 UTC

[GitHub] [tinkerpop] robertdale commented on issue #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771

robertdale commented on issue #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771
URL: https://github.com/apache/tinkerpop/pull/1199#issuecomment-534350614
 
 
   VOTE +0
   I'm not against the change but in the grand scheme of things it does very little.  Between spark, sparql, and hadoop -gremlins, there are multiple high and medium severity issues.  Unfortunately, the versions we use or their transitive dependencies aren't really maintained any more hence the difficulty, even impossibility, in trying to update any of them.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services