[jira] [Created] (AIRAVATA-3704) CLONE - airavata trunk has dependencies on multiple insecure jar dependencies

Wed, 20 Sep 2023 21:36:06 -0700 

Vikas Gupta created AIRAVATA-3704:
-------------------------------------

             Summary: CLONE - airavata trunk has dependencies on multiple 
insecure jar dependencies
                 Key: AIRAVATA-3704
                 URL: https://issues.apache.org/jira/browse/AIRAVATA-3704
             Project: Airavata
          Issue Type: Bug
            Reporter: Vikas Gupta


I ran a dependabot analysis on github.

Major issues with old dependencies include:

* Shiro https://mvnrepository.com/artifact/org.apache.shiro/shiro-core
* log4j https://logging.apache.org/log4j/2.x/security.html
* httpclient https://github.com/pjfanning/airavata/security/dependabot/192
* commons-io https://github.com/advisories/GHSA-gwrp-pvrq-jmwv
* jackson - 
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind
* snakeyaml - https://github.com/advisories/GHSA-rvwf-54qp-4r6v

Many many more.

There are also issues with UI dependencies.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to