zhaojintaozhao opened a new issue #5173: URL: https://github.com/apache/incubator-doris/issues/5173
Hi all:

We know FE depends on many open source components, but some versions of them are too early, such as jackson, okhttp3, kio. These earlier versions of open source components have many vulnerabilities.

Example: The current version of jackson is 2.9.7. There are some vulnerabilities in jackson 2.9.7: CVE-2018-19360, CVE-2018-19361, and CVE-2018-19362. For details, you can open https://github.com/FasterXML/jackson-databind/issues/2186

Doris should upgrade these early components:

- Upgrade Jackson from 2.9.7 to 2.11.3
- Upgrade commons-validator from 1.4.1 to 1.6
- Upgrade okhttp from 3.4.1 to 3.14.4
- Upgrade kio from 1.9.0 to 1.17.2

In our system, FE can work properly after upgrading these component packages.
