[
https://issues.apache.org/jira/browse/ATLAS-2671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Apoorv Naik updated ATLAS-2671:
-------------------------------
Description: Spring, Jackson and Lucene 7.0 have certain CVEs related to
remote code execution. Upgrading the versions would resolve this vulnerability.
(was: Spring and Jackson have certain CVEs related to remote code execution.
Upgrading the versions would resolve this vulnerability.)
> Version upgrade to mitigate CVE
> -------------------------------
>
> Key: ATLAS-2671
> URL: https://issues.apache.org/jira/browse/ATLAS-2671
> Project: Atlas
> Issue Type: Improvement
> Reporter: Apoorv Naik
> Assignee: Apoorv Naik
> Priority: Major
> Fix For: 1.0.0
>
> Attachments: 0001-CVE-Jackson-and-Lucene-dependency-upgrade.patch,
> 0002-CVE-Spring-upgrades.patch
>
>
> Spring, Jackson and Lucene 7.0 have certain CVEs related to remote code
> execution. Upgrading the versions would resolve this vulnerability.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
