[GitHub] [pulsar] dlsprague opened a new issue #9151: Security vulnerability in 2.6.2 and 2.7.0 Client

GitBox Fri, 08 Jan 2021 05:50:02 -0800


dlsprague opened a new issue #9151:
URL: https://github.com/apache/pulsar/issues/9151



   Using 2.6.2 client Bouncy castle jar file, an inner jar of pulsar client has 
some internal transitive dependencies with 1.6.0 version of bouncy castle which 
is causing the HIGH vulnerabilities.
   
   Using 2.7.0 High vulnerability is removed but it has 1 CRITICAL 
vulnerability with the new transitive dependency jar 
(bcprov-ext-jdk15on-1.66.jar
   
   
![image262_1](https://user-images.githubusercontent.com/75750837/104022522-649abb00-518e-11eb-92e8-4377d76bfe92.png)
   
![image262_2](https://user-images.githubusercontent.com/75750837/104022535-68c6d880-518e-11eb-9014-0cd04764b1ea.png)
   
![image270_1](https://user-images.githubusercontent.com/75750837/104022546-6cf2f600-518e-11eb-93d4-6e94dee1b902.png)
   
![image270_2](https://user-images.githubusercontent.com/75750837/104022556-711f1380-518e-11eb-8446-89eeac32213c.png)
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [pulsar] dlsprague opened a new issue #9151: Security vulnerability in 2.6.2 and 2.7.0 Client

Reply via email to