You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@avro.apache.org by "Rajiv Bandi (Jira)" <ji...@apache.org> on 2021/11/22 14:57:00 UTC
[jira] [Comment Edited] (AVRO-3213) Update commons-compress to version 1.21
[ https://issues.apache.org/jira/browse/AVRO-3213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17447453#comment-17447453 ]
Rajiv Bandi edited comment on AVRO-3213 at 11/22/21, 2:56 PM:
--------------------------------------------------------------
This has got fixed with 1.11.0.
Updates are tagged to AVRO-3215
--------------
Not sure why this was not picked up.
I am new here.
Please let me know what I missed in the process to get the right attention.
Thank you
Rajiv
was (Author: rajivbandi):
This has got fixed with 1.11.0.
Updates are tagged to AVRO-3215
--------------
Not sure why this was not picked up.
I am new here. Please let me know if I did not put the right tags.
> Update commons-compress to version 1.21
> ---------------------------------------
>
> Key: AVRO-3213
> URL: https://issues.apache.org/jira/browse/AVRO-3213
> Project: Apache Avro
> Issue Type: Improvement
> Components: dependencies, java
> Affects Versions: 1.10.0, 1.10.1, 1.10.2
> Reporter: Rajiv Bandi
> Priority: Major
> Labels: security
> Fix For: 1.11.0
>
>
> Please upgrade Apache Commons Compress to version 1.21 as current version in avro v1.10.x (commons-compress v1.20) has 4 High vulnerabilities [CVE-2021-35515|https://github.com/advisories/GHSA-7hfm-57qf-j43q], [CVE-2021-35516|https://github.com/advisories/GHSA-crv7-7245-f45f], [CVE-2021-35517|https://github.com/advisories/GHSA-xqfj-vm6h-2x34] and [CVE-2021-36090|https://github.com/advisories/GHSA-mc84-pj99-q6hh]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)