acherla opened a new issue, #13827: URL: https://github.com/apache/druid/issues/13827

Folks,

Our company recently detected around 1400+ critical vulnerabilities related to the "org.mortbay.jetty:jetty-util" (Package type Java) package vulnerability which needs to be upgraded from 6.1.26 to 9.4.47 to remediate.

Below is a list of all high/critical vulnerabilities discovered

org.mortbay.jetty:jetty-util -> Upgrade from 6.1.26 to 9.4.47
See CVE-2022-2048 for more details

org.apache.velocity:velocity-engine-core -> Upgrade from 2.2 to 2.3
See CVE-2020-13936 for more details

org.yaml:snakeyaml -> upgrade from 1.27 to 1.31
See CVE-2022-25857 for more details

### Affected Version

25.0.0

### Description

Please include as much detailed information about the problem as possible.

- Deployed docker container 25.0.0 to our onprem kubernetes environment
- Ran blackduck scan to verify vulnerabilities
- Generated report which contains vulnerabilities

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
