[
https://issues.apache.org/jira/browse/CASSANDRA-16734?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daniel Gomez updated CASSANDRA-16734:
-------------------------------------
Fix Version/s: 3.11.x
> Remediate Cassandra 3.11.10 JAR dependency vulnerabilities
> -----------------------------------------------------------
>
> Key: CASSANDRA-16734
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16734
> Project: Cassandra
> Issue Type: Improvement
> Components: Dependencies
> Reporter: Daniel Gomez
> Priority: Normal
> Fix For: 3.11.x
>
>
> Several JAR dependencies are flagged in Cassandra 3.11.10 as having
> vulnerabilities that have been fixed in newer releases.
> The following is the Cassandra 3.11.10 source tree for their JAR
> dependencies:
> [https://github.com/apache/cassandra/tree/181a4969290f1c756089b2993a638fe403bc1314/lib]
> A possible fix strategy is to simply update the JARs to their newest version.
> See the JAR files available for each vulnerable library:
> * SeeĀ
> [https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.9.10.8]
> * See [https://mvnrepository.com/artifact/io.netty/netty-all/4.1.65.Final]
> * See
> [https://mvnrepository.com/artifact/org.apache.thrift/libthrift/0.9.3-1]
> * See
> [https://mvnrepository.com/artifact/com.thinkaurelius.thrift/thrift-server/0.3.9]
> * See [https://mvnrepository.com/artifact/com.google.guava/guava/30.1.1-jre]
> * See [https://mvnrepository.com/artifact/ch.qos.logback/logback-core/1.2.3]
> * See [https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.29]
> * See [https://mvnrepository.com/artifact/commons-codec/commons-codec/1.15]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
