You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Phyllis Li (Jira)" <ji...@apache.org> on 2022/01/03 19:04:00 UTC

[jira] [Updated] (CASSANDRA-17231) Usage of old dependencies which contains vulnerable dependencies.

     [ https://issues.apache.org/jira/browse/CASSANDRA-17231?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Phyllis Li updated CASSANDRA-17231:
-----------------------------------
    Fix Version/s: 4.x

> Usage of old dependencies which contains vulnerable dependencies.
> -----------------------------------------------------------------
>
>                 Key: CASSANDRA-17231
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17231
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Dependencies
>            Reporter: Phyllis Li
>            Assignee: Phyllis Li
>            Priority: Normal
>             Fix For: 4.x
>
>
> The current Cassandra driver version is 3.11.0, which uses a vulnerable version of jackson-databind.
> We may want to switch to the re-branded com.datastax.oss:java-driver-core 4.13.0.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org