[jira] [Commented] (SUBMARINE-696) Vulnerability upgrade recommended

Mon, 21 Dec 2020 18:13:44 -0800 


    [ 
https://issues.apache.org/jira/browse/SUBMARINE-696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17253212#comment-17253212
 ] 

Zhankun Tang commented on SUBMARINE-696:
----------------------------------------

Thanks for pointing out this. [~aeioulisa]! Feel free to raise a JIRA to 
upgrade them. Thanks!

> Vulnerability upgrade recommended
> ---------------------------------
>
>                 Key: SUBMARINE-696
>                 URL: https://issues.apache.org/jira/browse/SUBMARINE-696
>             Project: Apache Submarine
>          Issue Type: Improvement
>            Reporter: Lisa Chang
>            Priority: Trivial
>
> codehaus-jackson version:
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L120]
> [CVE-2017-15095|https://github.com/advisories/GHSA-h592-38cm-4ggp] 
> [CVE-2018-7489|https://github.com/advisories/GHSA-cggj-fvv3-cqwv] 
> [CVE-2019-14540|https://github.com/advisories/GHSA-h822-r4r5-v8jg] 
> [CVE-2019-16335|https://github.com/advisories/GHSA-85cw-hj65-qqv9] 
> [CVE-2019-17267|https://github.com/advisories/GHSA-f3j5-rmmp-3fc5] 
> [CVE-2019-14893|https://github.com/advisories/GHSA-qmqc-x3r4-6v39] 
> [CVE-2018-5968|https://github.com/advisories/GHSA-w3f4-3q6j-rh82] 
> [CVE-2019-10172|https://github.com/advisories/GHSA-r6j9-8759-g62w] 
> [CVE-2018-1000873|https://github.com/advisories/GHSA-h4x4-5qp2-wp46]
>  Recommended upgrade version:2.6.7.4
> ---------------------------------------------------------------------------------------------------------
> solr version:
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/submarine-security/spark-security/pom.xml#L53]
> [CVE-2019-0192|https://github.com/advisories/GHSA-xhcq-fv7x-grr2] 
> [CVE-2017-3164|https://github.com/advisories/GHSA-vrh8-27q8-fr8f] 
> [CVE-2019-0193|https://github.com/advisories/GHSA-3gm7-v7vw-866c] 
> [CVE-2019-17558|https://github.com/advisories/GHSA-ww97-9w65-2crx] 
> CVE-2020-13941
>  Recommended upgrade version:
>  8.4.1.7.1.3.3-3
> ---------------------------------------------------------------------------------------------------------
> spark version:
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/submarine-security/spark-security/pom.xml#L54]
> CVE-2020-9480
> Recommended upgrade version:
>  2.4.0.7.1.1.2007-6
> ---------------------------------------------------------------------------------------------------------
> jetty version:
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L72]
> [CVE-2020-27216|https://github.com/advisories/GHSA-g3wg-6mcf-8jj6]
> Recommended upgrade version:
>  9.4.35.v20201120
> ---------------------------------------------------------------------------------------------------------
> mysql-connector-java version:
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L85]
> CVE-2017-3523 CVE-2018-3258 CVE-2017-3586
> Recommended upgrade version:
>  8.0.20
> ---------------------------------------------------------------------------------------------------------
> snakeyaml version
> [https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L100]
> CVE-2017-18640
> Recommended upgrade version:
> 1.26
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@submarine.apache.org
For additional commands, e-mail: dev-h...@submarine.apache.org

Reply via email to