You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Ignite TC Bot (Jira)" <ji...@apache.org> on 2021/01/26 17:34:00 UTC
[jira] [Commented] (IGNITE-13601) Ignite-rest-http and
ignite-kubernetes include vulnerable dependencies
[ https://issues.apache.org/jira/browse/IGNITE-13601?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17272276#comment-17272276 ]
Ignite TC Bot commented on IGNITE-13601:
----------------------------------------
{panel:title=Branch: [pull/8702/head] Base: [master] : Possible Blockers (6)|borderStyle=dashed|borderColor=#ccc|titleBGColor=#F7D6C1}
{color:#d04437}Control Utility{color} [[tests 0 TIMEOUT , Exit Code |https://ci.ignite.apache.org/viewLog.html?buildId=5844278]]
{color:#d04437}Platform .NET (Long Running){color} [[tests 1|https://ci.ignite.apache.org/viewLog.html?buildId=5844263]]
* exe: PeerAssemblyLoadingAllApisTest.TestComputeAffinityCall(True,True) - Test has low fail rate in base branch 0,0% and is not flaky
{color:#d04437}JDBC Driver{color} [[tests 2|https://ci.ignite.apache.org/viewLog.html?buildId=5844207]]
* IgniteJdbcDriverTestSuite: JdbcThinConnectionSSLTest.testDisabledCustomCipher - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteJdbcDriverTestSuite: JdbcThinConnectionSSLTest.testUnsupportedCustomCipher - Test has low fail rate in base branch 0,0% and is not flaky
{color:#d04437}Activate / Deactivate Cluster{color} [[tests 1|https://ci.ignite.apache.org/viewLog.html?buildId=5844189]]
* IgniteStandByClusterSuite: IgniteStandByClientReconnectTest.testInActiveClientReconnectToInActiveCluster - Test has low fail rate in base branch 0,0% and is not flaky
{color:#d04437}Basic 2{color} [[tests 1|https://ci.ignite.apache.org/viewLog.html?buildId=5844187]]
* IgniteComputeBasicConfigVariationsFullApiTestSuite: IgniteComputeConfigVariationsFullApiTest_17.testDeployExecuteByName - Test has low fail rate in base branch 0,0% and is not flaky
{panel}
{panel:title=Branch: [pull/8702/head] Base: [master] : No new tests found!|borderStyle=dashed|borderColor=#ccc|titleBGColor=#F7D6C1}{panel}
[TeamCity *--> Run :: All* Results|https://ci.ignite.apache.org/viewLog.html?buildId=5844284&buildTypeId=IgniteTests24Java8_RunAll]
> Ignite-rest-http and ignite-kubernetes include vulnerable dependencies
> ----------------------------------------------------------------------
>
> Key: IGNITE-13601
> URL: https://issues.apache.org/jira/browse/IGNITE-13601
> Project: Ignite
> Issue Type: Bug
> Components: rest
> Affects Versions: 2.8.1
> Reporter: Andrew Story
> Assignee: Igor Baryshnikov
> Priority: Blocker
> Labels: 2.9.1-rc
> Time Spent: 40m
> Remaining Estimate: 0h
>
> The ignite-rest-http and ignite-kubernetes modules include a vulnerable version of the jackson-databind library. This was spotted in 2.8.1.
> This component jackson-databind-2.9.6.jar is flagged as having numerous
> critical, high and medium security vulnerabilities, one of which is
> described here:
> [https://nvd.nist.gov/vuln/detail/CVE-2019-14540]
> More here:
> [http://apache-ignite-users.70518.x6.nabble.com/Critical-security-vulnerability-for-opt-ignite-apache-ignite-libs-optional-ignite-rest-http-jackson-r-td34032.html]
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)