Kshitiz Saxena created CASSANDRA-15856: ------------------------------------------
Summary: Security vulnerabilities with dependency jars of Cassandra 3.11.6 Key: CASSANDRA-15856 URL: https://issues.apache.org/jira/browse/CASSANDRA-15856 Project: Cassandra Issue Type: Task Reporter: Kshitiz Saxena The latest release of Cassandra 3.11.6 has few dependency jars which have some security vulnerabilities. Apache Thrift (org.apache.thrift:libthrift:0.9.2) has below mentioned security vulnerabilities reported |+[https://nvd.nist.gov/vuln/detail/CVE-2016-5397]+| |+[https://nvd.nist.gov/vuln/detail/CVE-2018-1320]+| |+[https://nvd.nist.gov/vuln/detail/CVE-2019-0205]+| Netty Project (io.netty:netty-all:4.0.44.Final) has below mentioned security vulnerabilities reported |+[https://nvd.nist.gov/vuln/detail/CVE-2019-16869]+| |+[https://nvd.nist.gov/vuln/detail/CVE-2019-20444]+| |+[https://nvd.nist.gov/vuln/detail/CVE-2019-20445]+| Is there a plan to upgrade these jars in any upcoming release? -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org