Posted to issues@airavata.apache.org by "PJ Fanning (Jira)" <ji...@apache.org> on 2022/03/17 12:36:00 UTC

[jira] [Created] (AIRAVATA-3590) airavata trunk has dependencies on multiple insecure jar dependencies

PJ Fanning created AIRAVATA-3590:
------------------------------------

             Summary: airavata trunk has dependencies on multiple insecure jar dependencies
                 Key: AIRAVATA-3590
                 URL: https://issues.apache.org/jira/browse/AIRAVATA-3590
             Project: Airavata
          Issue Type: Bug
            Reporter: PJ Fanning


I ran a Dependabot analysis on GitHub.

Major issues with old dependencies include:

* Shiro https://mvnrepository.com/artifact/org.apache.shiro/shiro-core
* log4j https://logging.apache.org/log4j/2.x/security.html
* httpclient https://github.com/pjfanning/airavata/security/dependabot/192
* commons-io https://github.com/advisories/GHSA-gwrp-pvrq-jmwv
* jackson https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind

Many many more.

There are also issues with UI dependencies.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)