efreem01 opened a new issue, #11060: URL: https://github.com/apache/pinot/issues/11060
We are using the pinot-jdbc-client : 0.12.1 and there are multiple downstream dependencies with serious, known vulnerabilities. We looked, and 0.12.1 is the latest version available. Can you please upgrade these dependencies?

com.google.guava : guava : 31.1-jre - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2976
com.google.protobuf : protobuf-java : 3.19.2 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3509
commons-httpclient : commons-httpclient : 3.1 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5783
org.apache.calcite : calcite-core : 1.29.0 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39135
org.apache.calcite.avatica : avatica-core : 1.20.0 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36364
org.xerial.snappy : snappy-java : 1.1.8.2 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34453
org.yaml : snakeyaml : 1.29 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1471
io.netty : netty-handler : 4.1.92.final - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34462
org.webjars : swagger-ui : 3.23.11 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25031
