> On Aug 3, 2018, at 10:29 AM, Josh Elser <[email protected]> wrote:
>
> Hi Nick!
>
> In chatting with Sean before sending this email, he pretty much suggested the
> same thing to me. I think this is the eventuality I need to embrace -- was
> just hoping for something a little less drastic for a first contribution ;)
>
Playing with YETUS-441 (which still hasn’t been committed, for those of
you with time to review patches), you could always make your first contribution
to fix up any valid CVEs… haha.
CVE | Severity Dependency
CVE-2015-5237 | Medium protobuf-javanano-3.1.0.jar
CVE-2014-3488 | Medium netty-tcnative-2.0.8.Final-linux-x86_64.jar
CVE-2015-2156 | Medium netty-tcnative-2.0.8.Final-linux-x86_64.jar
CVE-2017-5645 | High log4j-api-2.6.2.jar
CVE-2011-4461 | Medium jetty-6.1.26.jar
CVE-2014-0114 | High commons-beanutils-1.7.0.jar
CVE-2014-0114 | High commons-beanutils-core-1.8.0.jar
CVE-2015-5237 | Medium protobuf-java-2.5.0.jar
CVE-2017-12972 | Medium nimbus-jose-jwt-3.9.jar
CVE-2017-12973 | Medium nimbus-jose-jwt-3.9.jar
CVE-2017-12974 | Medium nimbus-jose-jwt-3.9.jar
CVE-2014-0085 | Low curator-framework-2.7.1.jar
CVE-2016-5017 | Medium curator-framework-2.7.1.jar
CVE-2018-8012 | Medium curator-framework-2.7.1.jar
CVE-2017-15713 | Medium hadoop-auth-3.0.0-alpha1.jar
CVE-2017-3166 | Medium hadoop-auth-3.0.0-alpha1.jar
CVE-2017-7669 | High hadoop-auth-3.0.0-alpha1.jar
CVE-2016-5725 | Medium jsch-0.1.51.jar
CVE-2014-0193 | Medium netty-3.7.0.Final.jar
CVE-2014-3488 | Medium netty-3.7.0.Final.jar
CVE-2015-2156 | Medium netty-3.7.0.Final.jar
CVE-2014-0085 | Low zookeeper-3.4.6.jar
CVE-2016-5017 | Medium zookeeper-3.4.6.jar
CVE-2017-5637 | Medium zookeeper-3.4.6.jar
CVE-2018-8012 | Medium zookeeper-3.4.6.jar
CVE-2015-4035 | Medium xz-1.0.jar
CVE-2012-4449 | High org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
CVE-2016-5001 | Low org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
CVE-2017-3161 | Medium org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
CVE-2017-3162 | High org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
