[GitHub] [pulsar] lhotari opened a new pull request, #20604: [fix][sec] Upgrade snappy-java to address multiple CVEs

via GitHub Mon, 19 Jun 2023 01:22:49 -0700


lhotari opened a new pull request, #20604:
URL: https://github.com/apache/pulsar/pull/20604


   ### Motivation
   
   OWASP dependency check has detected multiple CVEs in snappy-java
   
   ### Modifications
   
   - Upgrade snappy-java to 1.1.10.1 to address multiple CVEs:
     - CVE-2023-34453 
     - CVE-2023-34454
     - CVE-2023-34455
   
   See https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1
   
   ### Documentation
   
   <!-- DO NOT REMOVE THIS SECTION. CHECK THE PROPER BOX ONLY. -->
   
   - [ ] `doc` <!-- Your PR contains doc changes. -->
   - [ ] `doc-required` <!-- Your PR changes impact docs and you will update 
later -->
   - [x] `doc-not-needed` <!-- Your PR changes do not impact docs -->
   - [ ] `doc-complete` <!-- Docs have been already added -->


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [pulsar] lhotari opened a new pull request, #20604: [fix][sec] Upgrade snappy-java to address multiple CVEs

Reply via email to