Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086

chaitali Fri, 23 Oct 2020 02:21:34 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72983/
-----------------------------------------------------------


(Updated Oct. 23, 2020, 9:20 a.m.)


Review request for atlas, Ashutosh Mestry, Jayendra Parab, Madhan Neethiraj, 
Nixon Rodrigues, and Sarath Subramanian.


Bugs: ATLAS-4002
    https://issues.apache.org/jira/browse/ATLAS-4002


Repository: atlas


Description
-------

Atlas is currently pulling in commons-beanutils 1.9.3 through atlas-repository

We need to update opencsv jar version to 5.0 for the same

Upgrading opencsv jar to 5.0

commons-beanutils <1.9.4 is vulnerable to CVE-2019-10086

...
[INFO] +- com.opencsv:opencsv:jar:4.6:compile
[INFO] | +- org.apache.commons:commons-text:jar:1.3:compile
[INFO] | +- commons-beanutils:commons-beanutils:jar:1.9.3:compile
[INFO] | - org.apache.commons:commons-collections4:jar:4.4:compile


Diffs
-----

  pom.xml b9242016b 
  repository/src/main/java/org/apache/atlas/util/FileUtils.java 66ade2640 


Diff: https://reviews.apache.org/r/72983/diff/1/


Testing (updated)
-------

Tested with bulk upload feature for Businessmetadata and glossary
https://ci-builds.apache.org/job/Atlas/job/PreCommit-ATLAS-Build-Test/122/consoleFull


Thanks,

chaitali

Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086

Reply via email to