Dave created PIG-5345:
-------------------------

             Summary: Use of numerous known vulnerable libraries
                 Key: PIG-5345
                 URL: https://issues.apache.org/jira/browse/PIG-5345
             Project: Pig
          Issue Type: Improvement
            Reporter: Dave


I ran a commercial known vulnerable library analysis tool on PIG and it flagged 
numerous direct and transitive dependencies as having known vulnerabilities.

I'd be happy to share the list offline if anyone is interested in the 
list/willing to work on upgrading them. If interested, contact me at: 
dave.wich...@owasp.org.

If it is not doing so already, the project might also want to start using OWASP 
Dependency Check or [https://ossindex.net/] (both are free) to automate this type 
of analysis so it's easier for the project to keep up to date as new CVEs in 
libraries are uncovered.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
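Running a scanner such as OWASP Dependency Check only helps if the build actually acts on the report, so the usual next step is a gate that fails the build on findings above a CVSS threshold while allowing reviewed exceptions with a written justification. The script below is an added example written for this page, not Dave's tool output and not part of Pig; it assumes the field names of Dependency Check's JSON report (`dependencies[].fileName`, `vulnerabilities[].name`, `cvssv3.baseScore`, `cvssv2.score`, `severity`), and the embedded report and its CVE identifiers are constructed placeholders, not real advisories against any Pig dependency.

```python
"""Build gate over an OWASP Dependency-Check JSON report (added example)."""
import json
import sys
from dataclasses import dataclass

# Constructed sample in the shape of a Dependency-Check JSON report, reduced to
# the fields this gate reads. The CVE ids are placeholders, not real advisories.
SAMPLE_REPORT_JSON = """
{
  "reportSchema": "1.1",
  "projectInfo": {"name": "example-project"},
  "dependencies": [
    {"fileName": "libfoo-1.0.jar", "vulnerabilities": [
        {"name": "CVE-0000-0001", "severity": "CRITICAL",
         "cvssv2": {"score": 7.5}, "cvssv3": {"baseScore": 9.8}}]},
    {"fileName": "libbar-2.3.jar", "vulnerabilities": [
        {"name": "CVE-0000-0002", "severity": "MEDIUM", "cvssv2": {"score": 5.0}}]},
    {"fileName": "libbaz-0.9.jar", "vulnerabilities": [
        {"name": "CVE-0000-0003", "severity": "HIGH", "cvssv3": {"baseScore": 7.5}},
        {"name": "CVE-0000-0004", "severity": "HIGH"}]},
    {"fileName": "libqux-4.1.jar"}
  ]
}
"""

# Accepted findings must carry a written justification; anything else blocks.
# (Constructed entry for the sample above.)
SUPPRESSIONS = {
    "CVE-0000-0003": "constructed example: affected code path is never reached",
}

# Fallback when a finding carries no numeric CVSS score at all: treat the
# severity label as the lowest score of that band so it is never silently 0.
SEVERITY_FLOOR = {"CRITICAL": 9.0, "HIGH": 7.0, "MEDIUM": 4.0, "LOW": 0.1}


@dataclass(frozen=True)
class Finding:
    dependency: str
    cve: str
    score: float
    severity: str


def score_of(vuln):
    """Prefer the CVSSv3 base score, fall back to CVSSv2, then to the severity label."""
    v3 = vuln.get("cvssv3") or {}
    if isinstance(v3.get("baseScore"), (int, float)):
        return float(v3["baseScore"])
    v2 = vuln.get("cvssv2") or {}
    if isinstance(v2.get("score"), (int, float)):
        return float(v2["score"])
    return SEVERITY_FLOOR.get(str(vuln.get("severity", "")).upper(), 0.0)


def parse_report(text):
    return json.loads(text)


def evaluate(report, threshold=7.0, suppressions=None):
    """Split every finding into blocking / suppressed / below-threshold lists."""
    suppressions = suppressions or {}
    blocking, suppressed, below = [], [], []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities", []):
            f = Finding(dep.get("fileName", "?"), vuln.get("name", "?"),
                        score_of(vuln), str(vuln.get("severity", "")).upper())
            if f.cve in suppressions:
                suppressed.append(f)
            elif f.score >= threshold:
                blocking.append(f)
            else:
                below.append(f)
    return blocking, suppressed, below


def gate(report_json, threshold=7.0, suppressions=None):
    """Print a summary and return a process exit code: 1 if anything blocks."""
    suppressions = suppressions or {}
    blocking, suppressed, below = evaluate(parse_report(report_json), threshold, suppressions)
    for f in blocking:
        print(f"BLOCK   {f.dependency}: {f.cve} (CVSS {f.score:.1f}, {f.severity})")
    for f in suppressed:
        print(f"ACCEPT  {f.dependency}: {f.cve} reason: {suppressions[f.cve]}")
    print(f"{len(blocking)} blocking, {len(suppressed)} suppressed, "
          f"{len(below)} below threshold {threshold}")
    return 1 if blocking else 0


if __name__ == "__main__":
    # Real use: python gate.py target/dependency-check-report.json
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT_JSON
    sys.exit(gate(data, threshold=7.0, suppressions=SUPPRESSIONS))
```

On the constructed sample this blocks on two findings (the 9.8 one and the one that has only a HIGH label and no score) and accepts the suppressed one, so the build fails. Keep the suppression map in version control next to the build so each accepted CVE has an owner and a reason that shows up in review, and re-run the gate against a fresh NVD download rather than a cached one, since a library that passed yesterday can block today.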