chaitali borole created ATLAS-4002: -------------------------------------- Summary: Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086 Key: ATLAS-4002 URL: https://issues.apache.org/jira/browse/ATLAS-4002 Project: Atlas Issue Type: Improvement Reporter: chaitali borole Assignee: chaitali borole
Atlas is currently pulling in commons-beanutils 1.9.3 through atlas-repository We need to update opencsv jar version to 5.0 for the same commons-beanutils <1.9.4 is vulnerable to CVE-2019-10086 ... [INFO] +- com.opencsv:opencsv:jar:4.6:compile [INFO] | +- org.apache.commons:commons-text:jar:1.3:compile [INFO] | +- commons-beanutils:commons-beanutils:jar:1.9.3:compile [INFO] | \- org.apache.commons:commons-collections4:jar:4.4:compile ... -- This message was sent by Atlassian Jira (v8.3.4#803005)