[ https://issues.apache.org/jira/browse/CASSANDRA-19146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17793302#comment-17793302 ]
Brandon Williams commented on CASSANDRA-19146: ---------------------------------------------- I had this marked 5.0-rc because of the timing; I don't believe we will be able to do vulnerability scans after December 15th without this upgrade: https://groups.google.com/a/list.nist.gov/g/nvd-news/c/a4bDL8nofOk {quote} Due to practical reasons, the 1.0 APIs and Legacy Data Feed Files will no longer be accessible after December 18th. This does not change the December 15th retirement date, but the feeds will technically still be accessible until we complete an external deployment on the 18th. {quote} Seems to indicate we shouldn't use it past the 15th, and we can't use it past the 18th. > Upgrade owasp to 9.0.x > ---------------------- > > Key: CASSANDRA-19146 > URL: https://issues.apache.org/jira/browse/CASSANDRA-19146 > Project: Cassandra > Issue Type: Bug > Components: Build > Reporter: Brandon Williams > Assignee: Jacek Lewandowski > Priority: Normal > Fix For: 3.0.x, 3.11.x, 4.0.x, 4.1.x, 5.0-rc, 5.x > > > From https://github.com/jeremylong/DependencyCheck : > {quote} > Upgrading to 9.0.0 or later is mandatory; previous versions of > dependency-check utilize the NVD data feeds which will be deprecated on Dec > 15th, 2023. > {quote} -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org