xiangfu0 commented on issue #18593: URL: https://github.com/apache/pinot/issues/18593#issuecomment-4552786037
I checked current `master` (`baccdcc489017df4449f5e594d3fab564b504ab2`). Most of the versions from the 1.5.0 scan are already updated on `master`: - Netty is now `4.1.134.Final` via `netty-bom` (covers the reported `4.1.122.Final` Netty rows). - Log4j is now `2.26.0` (covers the reported `2.25.3` Log4j rows). - `org.asynchttpclient:async-http-client` is now `3.0.10`. - `org.apache.httpcomponents.client5:httpclient5` is now `5.6.1`. The Jetty entries are the remaining exception: `master` still has `eclipse.jetty.version` at `9.4.58.v20250814`, so the Jetty CVE row from the scan is not addressed on `master` yet. So this is partially patched on `master` already, but Jetty still needs follow-up. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
