[
https://issues.apache.org/jira/browse/AVRO-2218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16729110#comment-16729110
]
ASF subversion and git services commented on AVRO-2218:
-------------------------------------------------------
Commit 4eb2bed0bbbf7c25d9a25ab06eb368348771e918 in avro's branch
refs/heads/master from Ismaël Mejía
[ https://gitbox.apache.org/repos/asf?p=avro.git;h=4eb2bed ]
AVRO-2218: Upgrade dependencies to latest releases
> upgrade libraries to work around security issues
> ------------------------------------------------
>
> Key: AVRO-2218
> URL: https://issues.apache.org/jira/browse/AVRO-2218
> Project: Apache Avro
> Issue Type: Improvement
> Components: java
> Affects Versions: 1.8.2
> Reporter: Matt Darwin
> Priority: Major
>
> Avro has some very old dependencies, which potentially expose users to
> security vulnerabilities.
> ||Library||Current version||dated||latest version||dated||
> |Jackson|1.9.13|Jul '13|2.9.6|Jun '18|
> |paranamer|2.7|Aug '14|2.8|Aug '15|
> |snappy|1.1.1.3|Jul '14|1.1.7.2|May '18|
> |commons-compress|1.8.1|May '14|1.17|May '18|
> |Tukaani XZ|1.5|Mar '14|1.8|Jan '18|
>
> Large corporations have strict rules about the use of third-party libraries.
> For example, at Oracle we are not allowed to use any third-party code which
> has any dependencies older than 18 months or 5 versions.
> Please upgrade these dependencies to the latest versions.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
