[ https://issues.apache.org/jira/browse/AIRAVATA-3590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
PJ Fanning updated AIRAVATA-3590:
---------------------------------
Description:
I ran a dependabot analysis on github.
Major issues with old dependencies include:
* Shiro https://mvnrepository.com/artifact/org.apache.shiro/shiro-core
* log4j https://logging.apache.org/log4j/2.x/security.html
* httpclient https://github.com/pjfanning/airavata/security/dependabot/192
* commons-io https://github.com/advisories/GHSA-gwrp-pvrq-jmwv
* jackson - https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind
* snakeyaml - https://github.com/advisories/GHSA-rvwf-54qp-4r6v
Many many more.
There are also issues with UI dependencies.
was:
I ran a dependabot analysis on github.
Major issues with old dependencies include:
* Shiro https://mvnrepository.com/artifact/org.apache.shiro/shiro-core
* log4j https://logging.apache.org/log4j/2.x/security.html
* httpclient https://github.com/pjfanning/airavata/security/dependabot/192
* commons-io https://github.com/advisories/GHSA-gwrp-pvrq-jmwv
* jackson - https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind
Many many more.
There are also issues with UI dependencies.
> airavata trunk has dependencies on multiple insecure jar dependencies
> ---------------------------------------------------------------------
>
> Key: AIRAVATA-3590
> URL: https://issues.apache.org/jira/browse/AIRAVATA-3590
> Project: Airavata
> Issue Type: Bug
> Reporter: PJ Fanning
> Priority: Critical
>
> I ran a dependabot analysis on github.
> Major issues with old dependencies include:
> * Shiro https://mvnrepository.com/artifact/org.apache.shiro/shiro-core
> * log4j https://logging.apache.org/log4j/2.x/security.html
> * httpclient https://github.com/pjfanning/airavata/security/dependabot/192
> * commons-io https://github.com/advisories/GHSA-gwrp-pvrq-jmwv
> * jackson - https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind
> * snakeyaml - https://github.com/advisories/GHSA-rvwf-54qp-4r6v
> Many many more.
> There are also issues with UI dependencies.
