[jira] [Comment Edited] (FLUME-3452) Transient dependency of tomcat-embed-core : 8.5.46 causing CVE 2020-1938

Wed, 26 Apr 2023 11:50:07 -0700 


    [ 
https://issues.apache.org/jira/browse/FLUME-3452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17716864#comment-17716864
 ] 

Nikita Pande edited comment on FLUME-3452 at 4/26/23 6:49 PM:
--------------------------------------------------------------

{color:#172b4d}org.apache.flume : flume-ng-embedded-agent : 1.11.0{color}
 * {color:#172b4d}org.apache.flume : flume-ng-configuration : 1.11.0{color}
 ** {color:#172b4d}org.apache.flume : flume-ng-sdk : 1.11.0{color}
 *** {color:#172b4d}org.apache.thrift : libthrift : 0.14.2{color}
 **** {color:#172b4d}org.apache.tomcat.embed : tomcat-embed-core : 8.5.46{color}

{color:#172b4d}Still  libthrift : 0.14.2 has dependency on tomcat-embed-core : 
8.5.46 [~rgoers].{color}

{color:#172b4d}Refer 
[https://github.com/apache/thrift/blob/0.14.2/lib/java/gradle.properties] 
{color}


was (Author: JIRAUSER298527):
{color:#172b4d}org.apache.flume : flume-ng-embedded-agent : 1.11.0{color}
 * {color:#172b4d}org.apache.flume : flume-ng-configuration : 1.11.0{color}
 ** {color:#172b4d}org.apache.flume : flume-ng-sdk : 1.11.0{color}
 *** {color:#172b4d}org.apache.thrift : libthrift : 0.14.2{color}
 **** {color:#172b4d}org.apache.tomcat.embed : tomcat-embed-core : 8.5.46{color}

{color:#172b4d}Still  libthrift : 0.14.2 has dependency on tomcat-embed-core : 
8.5.46  [~rgoers] {color}

> Transient dependency of tomcat-embed-core : 8.5.46 causing CVE 2020-1938
> ------------------------------------------------------------------------
>
>                 Key: FLUME-3452
>                 URL: https://issues.apache.org/jira/browse/FLUME-3452
>             Project: Flume
>          Issue Type: Improvement
>    Affects Versions: notrack
>            Reporter: Nikita Pande
>            Priority: Major
>             Fix For: 1.12.0
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> org.apache.thrift:libthrift:0.14.1 has dependency on tomcat-embed-core : 
> 8.5.46 which is causing CVE 2020-1938



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to