[jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086

chaitali borole (Jira) Fri, 23 Oct 2020 00:15:49 -0700


     [ 
https://issues.apache.org/jira/browse/ATLAS-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


chaitali borole updated ATLAS-4002:
-----------------------------------
    Fix Version/s: 3.0.0

>  Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086
> ---------------------------------------------------------
>
>                 Key: ATLAS-4002
>                 URL: https://issues.apache.org/jira/browse/ATLAS-4002
>             Project: Atlas
>          Issue Type: Improvement
>    Affects Versions: 3.0.0
>            Reporter: chaitali borole
>            Assignee: chaitali borole
>            Priority: Major
>             Fix For: 3.0.0
>
>
> Atlas is currently pulling in commons-beanutils 1.9.3 through atlas-repository
> We need to update opencsv jar version to 5.0 for the same
> commons-beanutils <1.9.4 is vulnerable to CVE-2019-10086
> ...
> [INFO] +- com.opencsv:opencsv:jar:4.6:compile
> [INFO] |  +- org.apache.commons:commons-text:jar:1.3:compile
> [INFO] |  +- commons-beanutils:commons-beanutils:jar:1.9.3:compile
> [INFO] |  \- org.apache.commons:commons-collections4:jar:4.4:compile
> ...



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086

Reply via email to