[
https://issues.apache.org/jira/browse/CASSANDRA-19146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17793302#comment-17793302
]
Brandon Williams commented on CASSANDRA-19146:
----------------------------------------------
I had this marked 5.0-rc because of the timing; I don't believe we will be able
to do vulnerability scans after December 15th without this upgrade:
https://groups.google.com/a/list.nist.gov/g/nvd-news/c/a4bDL8nofOk
{quote}
Due to practical reasons, the 1.0 APIs and Legacy Data Feed Files will no
longer be accessible after December 18th. This does not change the December
15th retirement date, but the feeds will technically still be accessible until
we complete an external deployment on the 18th.
{quote}
Seems to indicate we shouldn't use it past the 15th, and we can't use it past
the 18th.
> Upgrade owasp to 9.0.x
> ----------------------
>
> Key: CASSANDRA-19146
> URL: https://issues.apache.org/jira/browse/CASSANDRA-19146
> Project: Cassandra
> Issue Type: Bug
> Components: Build
> Reporter: Brandon Williams
> Assignee: Jacek Lewandowski
> Priority: Normal
> Fix For: 3.0.x, 3.11.x, 4.0.x, 4.1.x, 5.0-rc, 5.x
>
>
> From https://github.com/jeremylong/DependencyCheck :
> {quote}
> Upgrading to 9.0.0 or later is mandatory; previous versions of
> dependency-check utilize the NVD data feeds which will be deprecated on Dec
> 15th, 2023.
> {quote}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
