Ragul created AVRO-3656:
---------------------------
Summary: Vulnerabilities from dependencies - jackson-databind & commons-text
Key: AVRO-3656
URL: https://issues.apache.org/jira/browse/AVRO-3656
Project: Apache Avro
Issue Type: Bug
Affects Versions: 1.11.1
Reporter: Ragul
Version 1.11.1 of avro-compiler contains the vulnerable Apache commons-text
library (1.9) and jackson-databind (2.12.7).
Vulnerabilities from dependencies:
[CVE-2022-42889|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889]
[CVE-2022-42004|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004]
[CVE-2022-42003|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003]
Is there any plan to upgrade the dependencies and address this issue?