Posted to issues@eagle.apache.org by "Grainier Perera (Jira)" <ji...@apache.org> on 2019/11/08 09:39:00 UTC

[jira] [Created] (EAGLE-1103) Bump vulnerable dependency versions

Grainier Perera created EAGLE-1103:
--------------------------------------

             Summary: Bump vulnerable dependency versions
                 Key: EAGLE-1103
                 URL: https://issues.apache.org/jira/browse/EAGLE-1103
             Project: Eagle
          Issue Type: Sub-task
    Affects Versions: v0.5.0
            Reporter: Grainier Perera
            Assignee: Grainier Perera


h3. com.puppycrawl.tools:checkstyle
 * Vulnerabilities:
 ** CVE-2019-9658 (moderate severity)
 * Fix: bump version 7.1 to 8.18

h3. org.apache.hive:hive-jdbc
 * Vulnerabilities:
 ** CVE-2018-1314 (moderate severity)
 ** CVE-2018-1282 (high severity)
 * Fix: bump version *1.2.1 to 3.1.2*

h3. org.apache.hive:hive-exec
 * Vulnerabilities:
 ** CVE-2016-3083 (moderate severity)
 ** CVE-2018-11777 (moderate severity)
 ** CVE-2018-1284 (moderate severity)
 ** CVE-2015-7521 (high severity)
 * Fix: bump version *1.2.1 to 3.1.2*

h3. org.apache.tomcat.embed:tomcat-embed-core
 * Vulnerabilities:
 ** CVE-2018-8014 (high severity)
 ** CVE-2019-0232 (high severity)
 ** CVE-2019-0221 (moderate severity)
 ** CVE-2018-1336 (moderate severity)
 ** CVE-2018-1305 (moderate severity)
 ** CVE-2018-1304 (moderate severity)
 ** CVE-2018-11784 (moderate severity)
 ** CVE-2017-12615 (moderate severity)
 ** CVE-2018-8034 (low severity)
 * Fix: bump version to *7.0.94 or later*

h3. org.apache.storm:storm-core
 * Vulnerabilities:
 ** CVE-2018-1331 (high severity)
 ** CVE-2018-1332 (moderate severity)
 ** CVE-2018-8008 (moderate severity)
 * Fix: bump version to *1.1.3 or later*

h3. com.fasterxml.jackson.core:jackson-databind
 * Vulnerabilities:
 ** CVE-2019-14540 (critical severity)
 ** CVE-2019-16335 (critical severity)
 ** CVE-2019-14379 (critical severity)
 ** CVE-2018-11307 (critical severity)
 ** CVE-2019-14439 (high severity)
 ** CVE-2018-12022 (high severity)
 ** CVE-2017-17485 (high severity)
 ** CVE-2017-15095 (high severity)
 ** CVE-2018-7489 (high severity)
 ** CVE-2017-7525 (high severity)
 ** CVE-2019-16942 (moderate severity)
 ** CVE-2019-12814 (moderate severity)
 ** CVE-2019-12086 (moderate severity)
 ** CVE-2019-12384 (low severity)
 * Fix: bump version to *2.10.0 or later*


