Jackson Fleming created CASSANDRA-19654:
-------------------------------------------
Summary: Update bundled Cassandra cassandra-driver-core dependency
Key: CASSANDRA-19654
URL: https://issues.apache.org/jira/browse/CASSANDRA-19654
Project: Cassandra
Issue Type: Task
Components: Dependencies
Reporter: Jackson Fleming
There's a dependency in the Cassandra project on an old version of the Java driver,
cassandra-driver-core 3.11.0, in the 4.0 and later releases of Cassandra
(for example, on the 4.1 branch:
https://github.com/apache/cassandra/blob/cassandra-4.1/build.xml#L691).
It appears that this dependency may have some security vulnerabilities in
transitive dependencies.
But this is also a very old version of the driver; ideally it would be aligned
to a newer version. I would suggest either 3.11.5, which is the latest in that
line of driver versions
(https://mvnrepository.com/artifact/com.datastax.cassandra/cassandra-driver-core),
or that this gets updated to the latest 4.x driver (as of writing that's 4.18.1 in
https://mvnrepository.com/artifact/org.apache.cassandra/java-driver-core),
but this seems like a larger undertaking.