[ https://issues.apache.org/jira/browse/KYLIN-3372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16493043#comment-16493043 ]
ASF GitHub Bot commented on KYLIN-3372: --------------------------------------- codecov-io commented on issue #144: KYLIN-3372 upgrade jackson databind version to 2.9.5 URL: https://github.com/apache/kylin/pull/144#issuecomment-392640151 # [Codecov](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=h1) Report > Merging [#144](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=desc) into [master](https://codecov.io/gh/apache/kylin/commit/2b1e9f4b965a47dde999eca073bdbf49eecdb63d?src=pr&el=desc) will **increase** coverage by `0.02%`. > The diff coverage is `n/a`. [![Impacted file tree graph](https://codecov.io/gh/apache/kylin/pull/144/graphs/tree.svg?width=650&height=150&src=pr&token=JawVgbgsVo)](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=tree) ```diff @@ Coverage Diff @@ ## master #144 +/- ## ============================================ + Coverage 21.83% 21.85% +0.02% - Complexity 3888 3889 +1 ============================================ Files 985 985 Lines 59716 59716 Branches 8623 8623 ============================================ + Hits 13039 13052 +13 + Misses 45459 45452 -7 + Partials 1218 1212 -6 ``` | [Impacted Files](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=tree) | Coverage Δ | Complexity Δ | | |---|---|---|---| | [...a/org/apache/kylin/dict/Number2BytesConverter.java](https://codecov.io/gh/apache/kylin/pull/144/diff?src=pr&el=tree#diff-Y29yZS1kaWN0aW9uYXJ5L3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9reWxpbi9kaWN0L051bWJlcjJCeXRlc0NvbnZlcnRlci5qYXZh) | `82.53% <0%> (+0.79%)` | `18% <0%> (+1%)` | :arrow_up: | | [.../apache/kylin/cube/cuboid/TreeCuboidScheduler.java](https://codecov.io/gh/apache/kylin/pull/144/diff?src=pr&el=tree#diff-Y29yZS1jdWJlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9reWxpbi9jdWJlL2N1Ym9pZC9UcmVlQ3Vib2lkU2NoZWR1bGVyLmphdmE=) | `66.15% <0%> (+2.3%)` | `0% <0%> (ø)` | :arrow_down: | | [...rg/apache/kylin/cube/inmemcubing/MemDiskStore.java](https://codecov.io/gh/apache/kylin/pull/144/diff?src=pr&el=tree#diff-Y29yZS1jdWJlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9reWxpbi9jdWJlL2lubWVtY3ViaW5nL01lbURpc2tTdG9yZS5qYXZh) | `69.3% <0%> (+2.73%)` | `7% <0%> (ø)` | :arrow_down: | ------ [Continue to review full report at Codecov](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=continue). > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta) > `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data` > Powered by [Codecov](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=footer). Last update [2b1e9f4...12222c8](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments). ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Upgrade jackson-databind version due to security concerns > --------------------------------------------------------- > > Key: KYLIN-3372 > URL: https://issues.apache.org/jira/browse/KYLIN-3372 > Project: Kylin > Issue Type: Task > Reporter: Ted Yu > Assignee: Chao Long > Priority: Major > Fix For: v2.4.0 > > > * https://nvd.nist.gov/vuln/detail/CVE-2018-5968 > * https://nvd.nist.gov/vuln/detail/CVE-2018-7489 > * https://nvd.nist.gov/vuln/detail/CVE-2017-7525 > * https://nvd.nist.gov/vuln/detail/CVE-2017-17485 > * https://nvd.nist.gov/vuln/detail/CVE-2017-15095 > We should either remove the dependency or upgrade to version 2.8.11.1 or the > latest, if possible. -- This message was sent by Atlassian JIRA (v7.6.3#76005)