HI, I can't see an attachment on this email.
Istvan On Sun, Feb 18, 2024 at 6:02 PM Mateusz Gajewski < mateusz.gajew...@starburstdata.com> wrote: > Hi Phoenix team, > > I've built and tested upcoming 5.1.4 version by building it from the 5.1 > branch (5.1.3-124-gb6ca402f9) and would like to ask to address several CVEs > before releasing 5.1.4. Phoenix integration in Trino ( > https://github.com/trinodb/trino) is one of two connectors with really > high number of CVEs that we would like to remove from our codebase - either > by updating a connector to a newer, CVE-free dependency or by dropping > connector code and support for Phoenix (actually Phoenix5 accounts for 95% > of remaining CVEs in our codebase). > > I'm attaching a list of detected vulnerabilities. > > Please let me know how we can workaround these vulnerabilities. > -- *István Tóth* | Sr. Staff Software Engineer *Email*: st...@cloudera.com cloudera.com <https://www.cloudera.com> [image: Cloudera] <https://www.cloudera.com/> [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: Cloudera on LinkedIn] <https://www.linkedin.com/company/cloudera> ------------------------------ ------------------------------
