[jira] [Commented] (KYLIN-4394) Upgrade dependency version for several CVEs

Wed, 10 Jun 2020 18:59:43 -0700 


    [ 
https://issues.apache.org/jira/browse/KYLIN-4394?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17132838#comment-17132838
 ] 

ASF GitHub Bot commented on KYLIN-4394:
---------------------------------------

hit-lacus commented on pull request #1253:
URL: https://github.com/apache/kylin/pull/1253#issuecomment-642359236


   ### Reproduce in EMR
   ```
   20/06/10 10:21:20 INFO MemoryStore: Block broadcast_2 stored as values in 
memory (estimated size 216.5 KB, free 1028.3 MB)
   20/06/10 10:21:20 ERROR KylinKryoRegistrator: failed to load class
   java.lang.ClassNotFoundException: 
org.apache.kylin.shaded.com.google.common.collect.EmptyImmutableList
        at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:418)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:264)
        at 
org.apache.kylin.engine.spark.KylinKryoRegistrator.addClassQuitely(KylinKryoRegistrator.java:322)
        at 
org.apache.kylin.engine.spark.KylinKryoRegistrator.registerClasses(KylinKryoRegistrator.java:110)
        at 
org.apache.spark.serializer.KryoSerializer$$anonfun$newKryo$6.apply(KryoSerializer.scala:137)
        at 
org.apache.spark.serializer.KryoSerializer$$anonfun$newKryo$6.apply(KryoSerializer.scala:137)
        at 
scala.collection.IndexedSeqOptimized$class.foreach(IndexedSeqOptimized.scala:33)
        at scala.collection.mutable.ArrayOps$ofRef.foreach(ArrayOps.scala:186)
        at 
org.apache.spark.serializer.KryoSerializer.newKryo(KryoSerializer.scala:137)
        at 
org.apache.spark.serializer.KryoSerializerInstance.borrowKryo(KryoSerializer.scala:329)
        at 
org.apache.spark.serializer.KryoSerializerInstance.<init>(KryoSerializer.scala:314)
        at 
org.apache.spark.serializer.KryoSerializer.newInstance(KryoSerializer.scala:223)
        at 
org.apache.spark.broadcast.TorrentBroadcast$.blockifyObject(TorrentBroadcast.scala:288)
        at 
org.apache.spark.broadcast.TorrentBroadcast.writeBlocks(TorrentBroadcast.scala:127)
        at 
org.apache.spark.broadcast.TorrentBroadcast.<init>(TorrentBroadcast.scala:88)
        at 
org.apache.spark.broadcast.TorrentBroadcastFactory.newBroadcast(TorrentBroadcastFactory.scala:34)
        at 
org.apache.spark.broadcast.BroadcastManager.newBroadcast(BroadcastManager.scala:62)
        at org.apache.spark.SparkContext.broadcast(SparkContext.scala:1489)
        at 
org.apache.spark.scheduler.DAGScheduler.submitMissingTasks(DAGScheduler.scala:1203)
        at 
org.apache.spark.scheduler.DAGScheduler.org$apache$spark$scheduler$DAGScheduler$$submitStage(DAGScheduler.scala:1111)
        at 
org.apache.spark.scheduler.DAGScheduler$$anonfun$submitWaitingChildStages$6.apply(DAGScheduler.scala:924)
        at 
org.apache.spark.scheduler.DAGScheduler$$anonfun$submitWaitingChildStages$6.apply(DAGScheduler.scala:923)
        at 
scala.collection.IndexedSeqOptimized$class.foreach(IndexedSeqOptimized.scala:33)
        at scala.collection.mutable.ArrayOps$ofRef.foreach(ArrayOps.scala:186)
        at 
org.apache.spark.scheduler.DAGScheduler.submitWaitingChildStages(DAGScheduler.scala:923)
        at 
org.apache.spark.scheduler.DAGScheduler.handleTaskCompletion(DAGScheduler.scala:1472)
        at 
org.apache.spark.scheduler.DAGSchedulerEventProcessLoop.doOnReceive(DAGScheduler.scala:2261)
        at 
org.apache.spark.scheduler.DAGSchedulerEventProcessLoop.onReceive(DAGScheduler.scala:2213)
        at 
org.apache.spark.scheduler.DAGSchedulerEventProcessLoop.onReceive(DAGScheduler.scala:2202)
        at org.apache.spark.util.EventLoop$$anon$1.run(EventLoop.scala:49)
   20/06/10 10:21:20 INFO MemoryStore: Block broadcast_2_piece0 stored as bytes 
in memory (estimated size 45.1 KB, free 1028.3 MB)
   ```


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Upgrade dependency version for several CVEs
> -------------------------------------------
>
>                 Key: KYLIN-4394
>                 URL: https://issues.apache.org/jira/browse/KYLIN-4394
>             Project: Kylin
>          Issue Type: Improvement
>          Components: Security
>            Reporter: XuCongying
>            Assignee: Yaqian Zhang
>            Priority: Major
>             Fix For: v3.1.0
>
>         Attachments: apache-kylin_CVE-report.md
>
>
> I noticed some of your libraries contained CVEs. I suggest updating their 
> versions to increase the security of your project. The following is a 
> detailed content.
>  * *Vulnerable Library Version:* org.scala-lang : scala-compiler : 2.11.0 
> *CVE ID:* 
> [CVE-2017-15288|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15288]
>  *Import Path:* engine-flink/pom.xml, kylin-it/pom.xml, engine-spark/pom.xml 
> *Suggested Safe Versions:* 2.11.12, 2.12.10, 2.12.4, 2.12.5, 2.12.6, 2.12.7, 
> 2.12.8, 2.12.9, 2.13.0, 2.13.0-M1, 2.13.0-M2, 2.13.0-M3, 2.13.0-M3-f73b161, 
> 2.13.0-M4, 2.13.0-M4-pre-20d3c21, 2.13.0-M5, 2.13.0-M5-1775dba, 
> 2.13.0-M5-5eef812, 2.13.0-M5-6e0cba7, 2.13.0-RC1, 2.13.0-RC2, 2.13.0-RC3, 
> 2.13.1
>  * *Vulnerable Library Version:* org.apache.tomcat : tomcat-catalina : 7.0.91 
> *CVE ID:* 
> [CVE-2016-8735|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735], 
> [CVE-2019-0232|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0232], 
> [CVE-2016-6794|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6794], 
> [CVE-2016-6816|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816], 
> [CVE-2016-8745|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745], 
> [CVE-2019-17563|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563]
>  *Import Path:* tomcat-ext/pom.xml, server/pom.xml, server-base/pom.xml 
> *Suggested Safe Versions:* 10.0.0-M1, 7.0.100, 9.0.30, 9.0.31
>  * *Vulnerable Library Version:* com.h2database : h2 : 1.4.196 *CVE ID:* 
> [CVE-2018-10054|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054],
>  
> [CVE-2018-14335|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335]
>  *Import Path:* server/pom.xml, kylin-it/pom.xml, source-jdbc/pom.xml, 
> source-hive/pom.xml, datasource-sdk/pom.xml *Suggested Safe Versions:* 
> 1.4.198, 1.4.199, 1.4.200
>  * *Vulnerable Library Version:* com.google.guava : guava : 14.0 *CVE ID:* 
> [CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237]
>  *Import Path:* core-storage/pom.xml, stream-receiver/pom.xml, 
> server/pom.xml, core-cube/pom.xml, core-metadata/pom.xml, jdbc/pom.xml, 
> tool-assembly/pom.xml, core-metrics/pom.xml *Suggested Safe Versions:* 
> 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 
> 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 
> 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 
> 28.2-android, 28.2-jre
>  * *Vulnerable Library Version:* org.apache.hive.hcatalog : 
> hive-hcatalog-core : 1.2.1 *CVE ID:* 
> [CVE-2015-7521|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521] 
> *Import Path:* metrics-reporter-hive/pom.xml, assembly/pom.xml, 
> server/pom.xml, kylin-it/pom.xml, source-jdbc/pom.xml, source-hive/pom.xml, 
> server-base/pom.xml *Suggested Safe Versions:* 1.2.2, 2.0.0, 2.0.1, 2.1.0, 
> 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 
> 3.1.1, 3.1.2
>  * *Vulnerable Library Version:* org.apache.spark : spark-core_2.11 : 2.3.2 
> *CVE ID:* 
> [CVE-2017-7678|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678], 
> [CVE-2018-3826|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3826], 
> [CVE-2018-11770|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11770],
>  
> [CVE-2019-10099|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10099]
>  *Import Path:* server/pom.xml, kylin-it/pom.xml, engine-spark/pom.xml, 
> storage-hbase/pom.xml *Suggested Safe Versions:* 2.4.5
>  * *Vulnerable Library Version:* org.apache.kafka : kafka_2.11 : 1.0.0 *CVE 
> ID:* 
> [CVE-2018-1288|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1288], 
> [CVE-2019-17196|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196]
>  *Import Path:* assembly/pom.xml, source-kafka/pom.xml, kylin-it/pom.xml, 
> stream-source-kafka/pom.xml, metrics-reporter-kafka/pom.xml *Suggested Safe 
> Versions:* 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0
>  * *Vulnerable Library Version:* org.apache.hive : hive-jdbc : 1.2.1 *CVE 
> ID:* 
> [CVE-2016-3083|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3083], 
> [CVE-2015-7521|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521], 
> [CVE-2018-1282|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1282] 
> *Import Path:* server/pom.xml, source-jdbc/pom.xml, source-hive/pom.xml 
> *Suggested Safe Versions:* 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 
> 3.1.2
>  * *Vulnerable Library Version:* org.apache.hadoop : hadoop-hdfs : 2.7.1 *CVE 
> ID:* 
> [CVE-2016-5001|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5001], 
> [CVE-2018-11768|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768]
>  *Import Path:* metrics-reporter-hive/pom.xml, assembly/pom.xml, 
> stream-core/pom.xml, stream-receiver/pom.xml, server/pom.xml, 
> kylin-it/pom.xml, engine-mr/pom.xml, storage-hbase/pom.xml *Suggested Safe 
> Versions:* 2.10.0, 2.8.5, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1
>  * *Vulnerable Library Version:* org.springframework : spring-core : 
> 4.3.10.RELEASE *CVE ID:* 
> [CVE-2018-1272|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1272] 
> *Import Path:* tool/pom.xml *Suggested Safe Versions:* 4.3.15.RELEASE, 
> 4.3.16.RELEASE, 4.3.17.RELEASE, 4.3.18.RELEASE, 4.3.19.RELEASE, 
> 4.3.20.RELEASE, 4.3.21.RELEASE, 4.3.22.RELEASE, 4.3.23.RELEASE, 
> 4.3.24.RELEASE, 4.3.25.RELEASE, 4.3.26.RELEASE, 5.0.10.RELEASE, 
> 5.0.11.RELEASE, 5.0.12.RELEASE, 5.0.13.RELEASE, 5.0.14.RELEASE, 
> 5.0.15.RELEASE, 5.0.16.RELEASE, 5.0.5.RELEASE, 5.0.6.RELEASE, 5.0.7.RELEASE, 
> 5.0.8.RELEASE, 5.0.9.RELEASE, 5.1.0.RELEASE, 5.1.1.RELEASE, 5.1.10.RELEASE, 
> 5.1.11.RELEASE, 5.1.12.RELEASE, 5.1.13.RELEASE, 5.1.2.RELEASE, 5.1.3.RELEASE, 
> 5.1.4.RELEASE, 5.1.5.RELEASE, 5.1.6.RELEASE, 5.1.7.RELEASE, 5.1.8.RELEASE, 
> 5.1.9.RELEASE, 5.2.0.RELEASE, 5.2.1.RELEASE, 5.2.2.RELEASE, 5.2.3.RELEASE
>  * *Vulnerable Library Version:* com.fasterxml.jackson.core : 
> jackson-databind : 2.9.5 *CVE ID:* 
> [CVE-2019-16335|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335],
>  
> [CVE-2019-12814|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814],
>  
> [CVE-2018-19362|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362],
>  
> [CVE-2018-19360|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360],
>  
> [CVE-2019-14439|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439],
>  
> [CVE-2019-16943|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943],
>  
> [CVE-2019-14379|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379],
>  
> [CVE-2019-14540|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540],
>  
> [CVE-2019-17267|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267],
>  
> [CVE-2018-12023|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023],
>  
> [CVE-2020-8840|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840], 
> [CVE-2019-20330|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330],
>  
> [CVE-2019-12384|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384],
>  
> [CVE-2019-12086|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086],
>  
> [CVE-2018-14720|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720],
>  
> [CVE-2018-14721|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721],
>  
> [CVE-2018-14719|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719],
>  
> [CVE-2019-17531|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531],
>  
> [CVE-2018-14718|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718],
>  
> [CVE-2018-11307|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307],
>  
> [CVE-2018-19361|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361],
>  
> [CVE-2019-16942|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942]
>  *Import Path:* core-common/pom.xml, stream-receiver/pom.xml *Suggested Safe 
> Versions:* 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
>  * *Vulnerable Library Version:* org.springframework.security : 
> spring-security-core : 4.2.3.RELEASE *CVE ID:* 
> [CVE-2019-3795|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3795], 
> [CVE-2019-11272|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11272]
>  *Import Path:* stream-receiver/pom.xml *Suggested Safe Versions:* 
> 4.2.13.RELEASE, 4.2.14.RELEASE, 5.0.12.RELEASE, 5.0.13.RELEASE, 
> 5.0.14.RELEASE, 5.1.5.RELEASE, 5.1.6.RELEASE, 5.1.7.RELEASE, 5.1.8.RELEASE, 
> 5.2.0.RELEASE, 5.2.1.RELEASE, 5.2.2.RELEASE
>  * *Vulnerable Library Version:* org.apache.hadoop : hadoop-common : 2.7.1 
> *CVE ID:* 
> [CVE-2016-5393|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5393], 
> [CVE-2018-8009|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009], 
> [CVE-2016-6811|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6811], 
> [CVE-2017-15718|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15718],
>  
> [CVE-2016-3086|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3086], 
> [CVE-2017-15713|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15713],
>  [CVE-2018-8029|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029] 
> *Import Path:* core-storage/pom.xml, tomcat-ext/pom.xml...(The rest of the 33 
> paths is hidden.) *Suggested Safe Versions:* 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1
>  * *Vulnerable Library Version:* org.apache.httpcomponents : httpclient : 
> 4.2.5 *CVE ID:* 
> [CVE-2014-3577|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577], 
> [CVE-2015-5262|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5262] 
> *Import Path:* core-common/pom.xml, jdbc/pom.xml *Suggested Safe Versions:* 
> 4.3.6, 4.4, 4.4-alpha1, 4.4-beta1, 4.4.1, 4.5, 4.5.1, 4.5.10, 4.5.11, 4.5.2, 
> 4.5.3, 4.5.4, 4.5.5, 4.5.6, 4.5.7, 4.5.8, 4.5.9
>  * *Vulnerable Library Version:* org.springframework : spring-webmvc : 
> 4.3.10.RELEASE *CVE ID:* 
> [CVE-2018-15756|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15756],
>  
> [CVE-2018-1271|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1271], 
> [CVE-2018-1199|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1199] 
> *Import Path:* stream-receiver/pom.xml, server-base/pom.xml *Suggested Safe 
> Versions:* 4.3.20.RELEASE, 4.3.21.RELEASE, 4.3.22.RELEASE, 4.3.23.RELEASE, 
> 4.3.24.RELEASE, 4.3.25.RELEASE, 4.3.26.RELEASE, 5.0.16.RELEASE, 
> 5.1.13.RELEASE, 5.2.3.RELEASE
>  * *Vulnerable Library Version:* org.apache.hadoop : 
> hadoop-mapreduce-client-core : 2.7.1 *CVE ID:* 
> [CVE-2017-3166|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3166] 
> *Import Path:* engine-flink/pom.xml, server/pom.xml, kylin-it/pom.xml, 
> engine-mr/pom.xml *Suggested Safe Versions:* 2.10.0, 2.7.4, 2.7.5, 2.7.6, 
> 2.7.7, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.9.0, 2.9.1, 2.9.2, 
> 3.0.0-alpha4, 3.0.0-beta1, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 
> 3.2.0, 3.2.1
>  * *Vulnerable Library Version:* org.apache.commons : commons-compress : 1.18 
> *CVE ID:* 
> [CVE-2019-12402|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12402]
>  *Import Path:* core-common/pom.xml *Suggested Safe Versions:* 1.19, 1.20
>  * *Vulnerable Library Version:* org.eclipse.jetty : jetty-server : 
> 9.3.22.v20171030 *CVE ID:* 
> [CVE-2017-7656|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656], 
> [CVE-2019-10247|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247],
>  
> [CVE-2017-7657|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657], 
> [CVE-2017-7658|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658], 
> [CVE-2018-12536|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12536]
>  *Import Path:* stream-receiver/pom.xml, server/pom.xml, server-base/pom.xml 
> *Suggested Safe Versions:* 10.0.0-alpha0, 10.0.0.alpha1, 9.4.17.v20190418, 
> 9.4.18.v20190429, 9.4.19.v20190610, 9.4.20.v20190813, 9.4.24.v20191120, 
> 9.4.25.v20191220, 9.4.26.v20200117
>  * *Vulnerable Library Version:* mysql : mysql-connector-java : 5.1.8 *CVE 
> ID:* 
> [CVE-2019-2692|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2692], 
> [CVE-2017-3523|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3523], 
> [CVE-2017-3589|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3589] 
> *Import Path:* core-common/pom.xml, server/pom.xml, kylin-it/pom.xml 
> *Suggested Safe Versions:* 8.0.16, 8.0.17, 8.0.18, 8.0.19
>  * *Vulnerable Library Version:* org.postgresql : postgresql : 42.1.1 *CVE 
> ID:* 
> [CVE-2018-10936|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10936]
>  *Import Path:* datasource-sdk/pom.xml *Suggested Safe Versions:* 42.2.10, 
> 42.2.10.jre6, 42.2.10.jre7, 42.2.5, 42.2.5.jre6, 42.2.5.jre7, 42.2.6, 
> 42.2.6.jre6, 42.2.6.jre7, 42.2.7, 42.2.7.jre6, 42.2.7.jre7, 42.2.8, 
> 42.2.8.jre6, 42.2.8.jre7, 42.2.9, 42.2.9.jre6, 42.2.9.jre7
>  * *Vulnerable Library Version:* xerces : xercesImpl : 2.11.0 *CVE ID:* 
> [CVE-2012-0881|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881], 
> [CVE-2013-4002|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002] 
> *Import Path:* kylin-it/pom.xml *Suggested Safe Versions:* 2.12.0



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to