[
https://issues.apache.org/jira/browse/CASSANDRA-15856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Semb Wever updated CASSANDRA-15856:
-------------------------------------------
Fix Version/s: 3.11.12
> Security vulnerabilities with dependency jars of Cassandra 3.11.6
> ------------------------------------------------------------------
>
> Key: CASSANDRA-15856
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15856
> Project: Cassandra
> Issue Type: Task
> Reporter: Kshitiz Saxena
> Priority: Normal
> Fix For: 3.11.12, 3.11.x
>
>
> The latest release of Cassandra 3.11.6 has few dependency jars which have
> some security vulnerabilities.
>
> Apache Thrift (org.apache.thrift:libthrift:0.9.2) has below mentioned
> security vulnerabilities reported
> |+[https://nvd.nist.gov/vuln/detail/CVE-2016-5397]+|
> |+[https://nvd.nist.gov/vuln/detail/CVE-2018-1320]+|
> |+[https://nvd.nist.gov/vuln/detail/CVE-2019-0205]+|
>
> Netty Project (io.netty:netty-all:4.0.44.Final) has below mentioned security
> vulnerabilities reported
> |+[https://nvd.nist.gov/vuln/detail/CVE-2019-16869]+|
> |+[https://nvd.nist.gov/vuln/detail/CVE-2019-20444]+|
> |+[https://nvd.nist.gov/vuln/detail/CVE-2019-20445]+|
>
> Is there a plan to upgrade these jars in any upcoming release?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
