Dave created PIG-5345: ------------------------- Summary: Use of numerous known vulnerable libraries Key: PIG-5345 URL: https://issues.apache.org/jira/browse/PIG-5345 Project: Pig Issue Type: Improvement Reporter: Dave
I ran a commercial known vulnerable library analysis tool on PIG and it flagged numerous direct and transitive dependencies as having known vulnerabilities. I'd be happy to share the list offline if anyone is interested in the list/willing to work on upgrading them. If interested, contact me at: dave.wich...@owasp.org. If it is not doing so already, the project might also want to start using OWASP Dependency Check or [https://ossindex.net/] to automate this type of analysis so its easier for the project to try to keep up to date as new CVEs in libraries are uncovered. the project might also want to start using some known vulnerable library tools like OWASP Dependency Check or [https://ossindex.net/] (both are free) to help the project identify/avoid issues like this in the future. the project might also want to start using some known vulnerable library tools like OWASP Dependency Check or [https://ossindex.net/] (both are free) to help the project identify/avoid issues like this in the future. -- This message was sent by Atlassian JIRA (v7.6.3#76005)