You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "David Capwell (Jira)" <ji...@apache.org> on 2020/05/05 16:14:00 UTC

[jira] [Updated] (CASSANDRA-15785) 3.11.6 Image Vulnerabilities

     [ https://issues.apache.org/jira/browse/CASSANDRA-15785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Capwell updated CASSANDRA-15785:
--------------------------------------
    Resolution: Won't Fix
        Status: Resolved  (was: Triage Needed)

We spoke about this in Slack, the Bitnami image is not owned by this project and the linked dependencies are not directly used by Apache Cassandra, so this issue should move to Bitnami's repo for reporting.

> 3.11.6 Image Vulnerabilities
> ----------------------------
>
>                 Key: CASSANDRA-15785
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15785
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Build
>            Reporter: Gil Tohar
>            Priority: Normal
>         Attachments: Screen Shot 2020-05-04 at 1.44.19 PM.png
>
>
> My team has taken the Bitnami Cassandra image, 3.11.6, and scanned it using our image vulnerability scanner, and discovered 4 issues. These are CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-1967. The solutions entail updating 1) curl and 2) openssl in the image, as described in the attached image.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org