You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Benjamin Lerer (Jira)" <ji...@apache.org> on 2020/06/30 15:06:00 UTC
[jira] [Updated] (CASSANDRA-15856) Security vulnerabilities with
dependency jars of Cassandra 3.11.6
[ https://issues.apache.org/jira/browse/CASSANDRA-15856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Benjamin Lerer updated CASSANDRA-15856:
---------------------------------------
Fix Version/s: 3.11.x
> Security vulnerabilities with dependency jars of Cassandra 3.11.6
> ------------------------------------------------------------------
>
> Key: CASSANDRA-15856
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15856
> Project: Cassandra
> Issue Type: Task
> Reporter: Kshitiz Saxena
> Priority: Normal
> Fix For: 3.11.x
>
>
> The latest release of Cassandra 3.11.6 has few dependency jars which have some security vulnerabilities.
>
> Apache Thrift (org.apache.thrift:libthrift:0.9.2) has below mentioned security vulnerabilities reported
> |+[https://nvd.nist.gov/vuln/detail/CVE-2016-5397]+|
> |+[https://nvd.nist.gov/vuln/detail/CVE-2018-1320]+|
> |+[https://nvd.nist.gov/vuln/detail/CVE-2019-0205]+|
>
> Netty Project (io.netty:netty-all:4.0.44.Final) has below mentioned security vulnerabilities reported
> |+[https://nvd.nist.gov/vuln/detail/CVE-2019-16869]+|
> |+[https://nvd.nist.gov/vuln/detail/CVE-2019-20444]+|
> |+[https://nvd.nist.gov/vuln/detail/CVE-2019-20445]+|
>
> Is there a plan to upgrade these jars in any upcoming release?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org