[ 
https://issues.apache.org/jira/browse/ATLAS-3930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17187689#comment-17187689
 ] 

Gaurav Saini commented on ATLAS-3930:
-------------------------------------

We are trying to fix the vulnerabilities by upgrading the version of the 
transitive dependency. Here is the GitHub link: 
https://github.com/crazylab/atlas/tree/cve-fix
We are not able to solve many of the vulnerabilities, and when we upgrade 
the versions, it breaks in many places.
Any help will be appreciated.

> Getting Multi exception while updating the dependency version.
> --------------------------------------------------------------
>
>                 Key: ATLAS-3930
>                 URL: https://issues.apache.org/jira/browse/ATLAS-3930
>             Project: Atlas
>          Issue Type: Bug
>          Components:  atlas-core, atlas-intg, atlas-webui
>    Affects Versions: 2.1.0
>            Reporter: Gaurav Saini
>            Priority: Blocker
>         Attachments: dependency-check-report.csv, dependency-check-report.html
>
>
> We are working on the Apache Atlas code and started deploying over 
> *[https://github.com/apache/atlas/tree/release-2.1.0-rc3]*
>  Upon scanning using Twistlock, we found *180+* vulnerabilities.
>   
>  Out of these, Jackson-databind and netty_netty-all were the most frequently 
> occurring ones.
>  So, we tried upgrading the versions, but integration tests in atlas-webapp 
> start failing saying *"org.eclise.jetty, utils: Multi exception".*
> The same thing is happening while upgrading versions of any other 
> dependencies in the atlas module. The application breaks for any other 
> dependency which we are trying to upgrade. For example, Hadoop_hdfs uses 
> Jackson-databind as a transitive dependency, hence I am unable to update 
> the version.
>  _PFA of dependency check for the project._
> *I do not see any open issue on the GitHub channel either.*
>  *Have you experienced any such scenario while upgrading earlier?*
>  *Is there a way for me to move ahead to remove vulnerabilities in the 
> current version?*



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
