You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kylin.apache.org by PJ Fanning <fa...@apache.org> on 2022/05/19 15:18:50 UTC

Re: Re:issues with jar dependencies that have publicly announced security issues

Hi everyone,
https://github.com/apache/kylin/pull/1850 is still open. Could someone have a look?

Regards,
PJ

On 2022/04/17 22:21:08 PJ Fanning wrote:
> Hi everyone,
> I added https://github.com/apache/kylin/pull/1850 as a follow up. There are a lot of other libs that could be updated but this just a 2nd batch. Would someone be able to review it?
> 
> Regards,
> PJ
> 
> On 2022/04/06 09:28:07 Xiaoxiang Yu wrote:
> > Thanks for contribution, your patch is merged!
> > 
> > 
> > 
> > 
> > --
> > 
> > Best wishes to you ! 
> > From ：Xiaoxiang Yu
> > 
> > 
> > 
> > 
> > 
> > At 2022-04-05 23:28:51, "PJ Fanning" <fa...@apache.org> wrote:
> > >Hi everyone,
> > >I raised https://issues.apache.org/jira/browse/KYLIN-5159 a while ago.
> > >There are a lot of users, companies and government agencies looking at
> > >ASF projects and looking to ensure that there are no security issues
> > >in open source software.
> > >
> > >Would it be possible to collaborate with Kylin contributors to upgrade
> > >at least a few of the older dependencies?
> > >
> > >I have one open PR: https://github.com/apache/kylin/pull/1814
> > >
> > >That is just one of many that are needed. Dependabot is reporting a
> > >lott of other issues too.
> > >
> > >Regards,
> > >PJ
> > 
>