github reporting transient JAR risks

Wed, 17 Oct 2018 05:36:11 -0700 

FYI, I got email from github today telling me that we need to bump up httpclient

Begin forwarded message:

From: GitHub <notificati...@github.com<mailto:notificati...@github.com>>
Subject: [steveloughran/hadoop-trunk] One of your dependencies may have a 
security vulnerability
Date: 17 October 2018 at 01:13:30 BST
To: steveloughran/hadoop-trunk 
<hadoop-tr...@noreply.github.com<mailto:hadoop-tr...@noreply.github.com>>
Cc: Security alert 
<security_al...@noreply.github.com<mailto:security_al...@noreply.github.com>>
Reply-To: steveloughran/hadoop-trunk 
<nore...@github.com<mailto:nore...@github.com>>


[GitHub]<https://github.com/>   Sign in<https://github.com/login>
steveloughran,

We found a potential security vulnerability in a repository for which you have 
been granted security alert access.

[@steveloughran]        
steveloughran/hadoop-trunk<https://github.com/steveloughran/hadoop-trunk>
Known moderate severity security vulnerability detected in 
org.apache.httpcomponents:httpclient < 4.3.6 defined in 
pom.xml<https://github.com/steveloughran/hadoop-trunk/blob/stevel/HADOOP-8545-swift/hadoop-project/pom.xml>.
pom.xml<https://github.com/steveloughran/hadoop-trunk/blob/stevel/HADOOP-8545-swift/hadoop-project/pom.xml>
 update suggested: org.apache.httpcomponents:httpclient ~> 4.3.6.
Always verify the validity and compatibility of suggestions with your codebase.



Review vulnerable 
dependency<https://github.com/steveloughran/hadoop-trunk/network/alert/hadoop-project/pom.xml/org.apache.httpcomponents:httpclient/open>

________________________________


Only users who have been assigned access to security alerts will receive these 
notifications.

Unsubscribe 
<https://github.com/notifications/unsubscribe-vulnerability/AAJ5KtMbNOecIR9rUT2OmXqf3co8yS8Tks5ulnYpgaJpZM4Xirdg>
 · Email preferences<https://github.com/settings/emails> · 
Terms<https://help.github.com/articles/github-terms-of-service/> · 
Privacy<https://help.github.com/articles/github-privacy-policy/> · Sign into 
GitHub<https://github.com/login>


GitHub, Inc.
88 Colin P Kelly Jr St.
San Francisco, CA 94107

Reply via email to