Matt Darwin created ARROW-1240:
----------------------------------
Summary: security: upgrade logback to address CVE-2017-5929
Key: ARROW-1240
URL: https://issues.apache.org/jira/browse/ARROW-1240
Project: Apache Arrow
Issue Type: Bug
Components: Java - Memory
Affects Versions: 0.5.0
Reporter: Matt Darwin

logback versions before 1.2.0 are affected by "a rather severe serialization
vulnerability in SocketServer and ServerSocketReceiver".
We should upgrade logback from 1.0.13 to the latest version (currently 1.2.3)
in order to address this.
See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929
and
https://logback.qos.ch/news.html