[ https://issues.apache.org/jira/browse/ATLAS-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17219718#comment-17219718 ]
ASF subversion and git services commented on ATLAS-4002: -------------------------------------------------------- Commit f3faad547380ac786427d84c95244de502781360 in atlas's branch refs/heads/master from chaitali borole [ https://gitbox.apache.org/repos/asf?p=atlas.git;h=f3faad5 ] ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086 > Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086 > --------------------------------------------------------- > > Key: ATLAS-4002 > URL: https://issues.apache.org/jira/browse/ATLAS-4002 > Project: Atlas > Issue Type: Improvement > Affects Versions: 3.0.0 > Reporter: chaitali borole > Assignee: chaitali borole > Priority: Major > Fix For: 3.0.0 > > > Atlas is currently pulling in commons-beanutils 1.9.3 through atlas-repository > We need to update opencsv jar version to 5.0 for the same > commons-beanutils <1.9.4 is vulnerable to CVE-2019-10086 > ... > [INFO] +- com.opencsv:opencsv:jar:4.6:compile > [INFO] | +- org.apache.commons:commons-text:jar:1.3:compile > [INFO] | +- commons-beanutils:commons-beanutils:jar:1.9.3:compile > [INFO] | \- org.apache.commons:commons-collections4:jar:4.4:compile > ... -- This message was sent by Atlassian Jira (v8.3.4#803005)