[
https://issues.apache.org/jira/browse/ATLAS-3930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gaurav Saini updated ATLAS-3930:
--------------------------------
Summary: Atlas server distribution contains 180+ CVEs (was: Getting Multi
exception while updating the dependency version.)
> Atlas server distribution contains 180+ CVEs
> --------------------------------------------
>
> Key: ATLAS-3930
> URL: https://issues.apache.org/jira/browse/ATLAS-3930
> Project: Atlas
> Issue Type: Bug
> Components: atlas-core, atlas-intg, atlas-webui
> Affects Versions: 2.1.0
> Reporter: Gaurav Saini
> Priority: Blocker
> Attachments: dependency-check-report.csv, dependency-check-report.html
>
>
> we are working on apache atlas code and started deploying over
> *[https://github.com/apache/atlas/tree/release-2.1.0-rc3]*
> Upon scanning using twistlock, we found *180+* vulnerability.
>
> Out of these, Jackson-databind and netty_netty-all were the most occurring
> once.
> So, we tried upgrading the versions, but integration tests in atlas-webapp
> start failing saying *"org.eclise.jetty, utils: Multi exception".*
> The same thing is happening while upgrading versions of any other
> dependencies in the atlas module. The application breaks for any other
> dependency which we are trying to upgrade. for example, Hadoop_hdfs uses
> Jackson-databind as a transitive dependency, hence I am unable to update
> version.
> _PFA of dependency check for the project._
> *I do not see any open issue on the Github channel too.*
> *Have you experienced any such scenario while upgrading earlier?*
> *Is there a way for me to move ahead to remove vulnerabilities in the
> current version.*
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
