[ https://issues.apache.org/jira/browse/AIRAVATA-3590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17541149#comment-17541149 ]
ASF subversion and git services commented on AIRAVATA-3590:
-----------------------------------------------------------

Commit f412aeb290dda5be31e950dd3a0d8561280dd357 in airavata's branch refs/heads/develop from PJ Fanning
[ https://gitbox.apache.org/repos/asf?p=airavata.git;h=f412aeb290 ]

AIRAVATA-3590 upgrade log4j and commons-io

> airavata trunk has dependencies on multiple insecure jar dependencies
> ---------------------------------------------------------------------
>
> Key: AIRAVATA-3590
> URL: https://issues.apache.org/jira/browse/AIRAVATA-3590
> Project: Airavata
> Issue Type: Bug
> Reporter: PJ Fanning
> Priority: Critical
>
> I ran a dependabot analysis on github.
> Major issues with old dependencies include:
> * Shiro https://mvnrepository.com/artifact/org.apache.shiro/shiro-core
> * log4j https://logging.apache.org/log4j/2.x/security.html
> * httpclient https://github.com/pjfanning/airavata/security/dependabot/192
> * commons-io https://github.com/advisories/GHSA-gwrp-pvrq-jmwv
> * jackson - https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind
> * snakeyaml - https://github.com/advisories/GHSA-rvwf-54qp-4r6v
> Many many more.
> There are also issues with UI dependencies.

--
This message was sent by Atlassian Jira
(v8.20.7#820007)