Daniel Gomez created CASSANDRA-16734:
----------------------------------------
Summary: Remediate Cassandra 3.11.10 JAR dependency vulnerabilities
Key: CASSANDRA-16734
URL: https://issues.apache.org/jira/browse/CASSANDRA-16734
Project: Cassandra
Issue Type: Improvement
Components: Dependencies
Reporter: Daniel Gomez
Several JAR dependencies are flagged in Cassandra 3.11.10 as having
vulnerabilities that have been fixed in newer releases.
The following is the Cassandra 3.11.10 source tree for its JAR dependencies:
[https://github.com/apache/cassandra/tree/181a4969290f1c756089b2993a638fe403bc1314/lib]
A possible fix strategy is to simply update the JARs to their newest version.
See the JAR files available for each vulnerable library:
* See [https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.9.10.8]
* See [https://mvnrepository.com/artifact/io.netty/netty-all/4.1.65.Final]
* See [https://mvnrepository.com/artifact/org.apache.thrift/libthrift/0.9.3-1]
* See [https://mvnrepository.com/artifact/com.thinkaurelius.thrift/thrift-server/0.3.9]
* See [https://mvnrepository.com/artifact/com.google.guava/guava/30.1.1-jre]
* See [https://mvnrepository.com/artifact/ch.qos.logback/logback-core/1.2.3]
* See [https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.29]
* See [https://mvnrepository.com/artifact/commons-codec/commons-codec/1.15]