Posted to dev@brooklyn.apache.org by GitBox <gi...@apache.org> on 2019/02/11 15:26:03 UTC

[GitHub] kemitix opened a new pull request #1041: [WIP] [Security] Bump commons-compress from 1.4 to 1.18

kemitix opened a new pull request #1041: [WIP] [Security] Bump commons-compress from 1.4 to 1.18
URL: https://github.com/apache/brooklyn-server/pull/1041
 
 
   Bumps commons-compress from 1.4 to 1.18. **This update includes security fixes.**
   <details>
   <summary>Vulnerabilities fixed</summary>
   
   *Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/c30fadee-a5fc-47e5-9b28-3bd160719296).*
   
   > **[CVE-2012-2098] Cryptographic Issues**
   > Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
   > 
   > Affected versions: <= 1.4.0
   
   </details>

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services