[ https://issues.apache.org/jira/browse/ATLAS-3930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gaurav Saini updated ATLAS-3930: -------------------------------- Summary: Atlas server distribution contains 180+ CVEs (was: Getting Multi exception while updating the dependency version.) > Atlas server distribution contains 180+ CVEs > -------------------------------------------- > > Key: ATLAS-3930 > URL: https://issues.apache.org/jira/browse/ATLAS-3930 > Project: Atlas > Issue Type: Bug > Components: atlas-core, atlas-intg, atlas-webui > Affects Versions: 2.1.0 > Reporter: Gaurav Saini > Priority: Blocker > Attachments: dependency-check-report.csv, dependency-check-report.html > > > we are working on apache atlas code and started deploying over > *[https://github.com/apache/atlas/tree/release-2.1.0-rc3]* > Upon scanning using twistlock, we found *180+* vulnerability. > > Out of these, Jackson-databind and netty_netty-all were the most occurring > once. > So, we tried upgrading the versions, but integration tests in atlas-webapp > start failing saying *"org.eclise.jetty, utils: Multi exception".* > The same thing is happening while upgrading versions of any other > dependencies in the atlas module. The application breaks for any other > dependency which we are trying to upgrade. for example, Hadoop_hdfs uses > Jackson-databind as a transitive dependency, hence I am unable to update > version. > _PFA of dependency check for the project._ > *I do not see any open issue on the Github channel too.* > *Have you experienced any such scenario while upgrading earlier?* > *Is there a way for me to move ahead to remove vulnerabilities in the > current version.* -- This message was sent by Atlassian Jira (v8.3.4#803005)