Posted to issues@bookkeeper.apache.org by GitBox <gi...@apache.org> on 2021/09/14 10:24:05 UTC

[GitHub] [bookkeeper] RaulGracia opened a new issue #2791: Fix multiple CVEs related to library versions

RaulGracia opened a new issue #2791:
URL: https://github.com/apache/bookkeeper/issues/2791


   **BUG REPORT**
   
   ***Describe the bug***
   
   Bookkeeper contains multiple libraries with known vulnerabilities. With some minor library upgrades, most of these CVEs can be removed:
   
   (Commons IO)
   CVE-2021-29425 (BDSA-2021-0922)
   
   (Jetty)
   CVE-2021-34428 (BDSA-2021-1877)
   CVE-2021-28169 (BDSA-2021-1714)
   CVE-2021-28165 (BDSA-2021-0848)
   CVE-2021-28163 (BDSA-2021-0850)
   CVE-2020-27223 (BDSA-2020-4221)
   CVE-2020-27218 (BDSA-2020-3580)
   
   ***To Reproduce***
   
   Run security scan on Bookkeeper image.
   
   ***Expected behavior***
   
   Several CVEs can be removed.
   
   ***Screenshots***
   
   n/a
   
   ***Additional context***
   
   n/a

