[jira] [Commented] (THRIFT-5293) Blackduck shows the security vulnerabilities in libfb303:0.9.3

suraj misra (Jira) Sat, 10 Oct 2020 00:33:35 -0700


    [ 
https://issues.apache.org/jira/browse/THRIFT-5293?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17211592#comment-17211592
 ]


suraj misra commented on THRIFT-5293:
-------------------------------------

Thankyou Max for your information as well as your patience for giving the 
answer. I will keep all advices next time in my mind while submitting the bug. 
In my case, it was showing the exact same vulnerabilities for 2 libraries.

1- libfb303:0.9.3

2-libthirft0.9.3

I updated the version for libthirft to 0.13.0 but still Blackduck was showing 
the security vulnerabilities for libfb303:0.9.3.

I will report to Blackduck about these vulnerabilities as false positives for 
libfb303:0.9.3.  

> Blackduck shows the security vulnerabilities in libfb303:0.9.3
> --------------------------------------------------------------
>
>                 Key: THRIFT-5293
>                 URL: https://issues.apache.org/jira/browse/THRIFT-5293
>             Project: Thrift
>          Issue Type: Bug
>          Components: Java - Library
>    Affects Versions: 0.9.3
>            Reporter: suraj misra
>            Assignee: Max
>            Priority: Critical
>             Fix For: 0.13.0
>
>         Attachments: Security_vulnerabilities.JPG
>
>
> Blackduck shows the security vulnerabilities in libfb303:0.9.3 
> !Security_vulnerabilities.JPG!



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (THRIFT-5293) Blackduck shows the security vulnerabilities in libfb303:0.9.3

Reply via email to