[jira] [Commented] (KYLIN-4394) Upgrade dependency version for several CVEs

Wed, 10 Jun 2020 19:15:44 -0700 


    [ 
https://issues.apache.org/jira/browse/KYLIN-4394?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17132843#comment-17132843
 ] 

ASF GitHub Bot commented on KYLIN-4394:
---------------------------------------

codecov-commenter commented on pull request #1253:
URL: https://github.com/apache/kylin/pull/1253#issuecomment-642363767


   # [Codecov](https://codecov.io/gh/apache/kylin/pull/1253?src=pr&el=h1) Report
   > Merging 
[#1253](https://codecov.io/gh/apache/kylin/pull/1253?src=pr&el=desc) into 
[master](https://codecov.io/gh/apache/kylin/commit/c1705947dc2c04d084a4bf3f4ad15877e1c50b2c&el=desc)
 will **increase** coverage by `0.00%`.
   > The diff coverage is `n/a`.
   
   [![Impacted file tree 
graph](https://codecov.io/gh/apache/kylin/pull/1253/graphs/tree.svg?width=650&height=150&src=pr&token=JawVgbgsVo)](https://codecov.io/gh/apache/kylin/pull/1253?src=pr&el=tree)
   
   ```diff
   @@            Coverage Diff            @@
   ##             master    #1253   +/-   ##
   =========================================
     Coverage     25.71%   25.72%           
     Complexity     6626     6626           
   =========================================
     Files          1484     1484           
     Lines         91189    91188    -1     
     Branches      12726    12726           
   =========================================
   + Hits          23447    23454    +7     
   + Misses        65439    65433    -6     
   + Partials       2303     2301    -2     
   ```
   
   
   | [Impacted 
Files](https://codecov.io/gh/apache/kylin/pull/1253?src=pr&el=tree) | Coverage 
Δ | Complexity Δ | |
   |---|---|---|---|
   | 
[...pache/kylin/engine/spark/KylinKryoRegistrator.java](https://codecov.io/gh/apache/kylin/pull/1253/diff?src=pr&el=tree#diff-ZW5naW5lLXNwYXJrL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9reWxpbi9lbmdpbmUvc3BhcmsvS3lsaW5LcnlvUmVnaXN0cmF0b3IuamF2YQ==)
 | `0.00% <ø> (ø)` | `0.00 <0.00> (ø)` | |
   | 
[...a/org/apache/kylin/dict/Number2BytesConverter.java](https://codecov.io/gh/apache/kylin/pull/1253/diff?src=pr&el=tree#diff-Y29yZS1kaWN0aW9uYXJ5L3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9reWxpbi9kaWN0L051bWJlcjJCeXRlc0NvbnZlcnRlci5qYXZh)
 | `81.74% <0.00%> (-0.80%)` | `17.00% <0.00%> (-1.00%)` | |
   | 
[...rg/apache/kylin/cube/inmemcubing/MemDiskStore.java](https://codecov.io/gh/apache/kylin/pull/1253/diff?src=pr&el=tree#diff-Y29yZS1jdWJlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9reWxpbi9jdWJlL2lubWVtY3ViaW5nL01lbURpc2tTdG9yZS5qYXZh)
 | `70.21% <0.00%> (+0.60%)` | `7.00% <0.00%> (ø%)` | |
   | 
[.../apache/kylin/cube/cuboid/TreeCuboidScheduler.java](https://codecov.io/gh/apache/kylin/pull/1253/diff?src=pr&el=tree#diff-Y29yZS1jdWJlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9reWxpbi9jdWJlL2N1Ym9pZC9UcmVlQ3Vib2lkU2NoZWR1bGVyLmphdmE=)
 | `66.15% <0.00%> (+2.30%)` | `0.00% <0.00%> (ø%)` | |
   | 
[...che/kylin/stream/core/storage/CheckPointStore.java](https://codecov.io/gh/apache/kylin/pull/1253/diff?src=pr&el=tree#diff-c3RyZWFtLWNvcmUvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2t5bGluL3N0cmVhbS9jb3JlL3N0b3JhZ2UvQ2hlY2tQb2ludFN0b3JlLmphdmE=)
 | `66.66% <0.00%> (+3.03%)` | `22.00% <0.00%> (+1.00%)` | |
   
   ------
   
   [Continue to review full report at 
Codecov](https://codecov.io/gh/apache/kylin/pull/1253?src=pr&el=continue).
   > **Legend** - [Click here to learn 
more](https://docs.codecov.io/docs/codecov-delta)
   > `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
   > Powered by 
[Codecov](https://codecov.io/gh/apache/kylin/pull/1253?src=pr&el=footer). Last 
update 
[c170594...68ef5e6](https://codecov.io/gh/apache/kylin/pull/1253?src=pr&el=lastupdated).
 Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Upgrade dependency version for several CVEs
> -------------------------------------------
>
>                 Key: KYLIN-4394
>                 URL: https://issues.apache.org/jira/browse/KYLIN-4394
>             Project: Kylin
>          Issue Type: Improvement
>          Components: Security
>            Reporter: XuCongying
>            Assignee: Yaqian Zhang
>            Priority: Major
>             Fix For: v3.1.0
>
>         Attachments: apache-kylin_CVE-report.md
>
>
> I noticed some of your libraries contained CVEs. I suggest updating their 
> versions to increase the security of your project. The following is a 
> detailed content.
>  * *Vulnerable Library Version:* org.scala-lang : scala-compiler : 2.11.0 
> *CVE ID:* 
> [CVE-2017-15288|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15288]
>  *Import Path:* engine-flink/pom.xml, kylin-it/pom.xml, engine-spark/pom.xml 
> *Suggested Safe Versions:* 2.11.12, 2.12.10, 2.12.4, 2.12.5, 2.12.6, 2.12.7, 
> 2.12.8, 2.12.9, 2.13.0, 2.13.0-M1, 2.13.0-M2, 2.13.0-M3, 2.13.0-M3-f73b161, 
> 2.13.0-M4, 2.13.0-M4-pre-20d3c21, 2.13.0-M5, 2.13.0-M5-1775dba, 
> 2.13.0-M5-5eef812, 2.13.0-M5-6e0cba7, 2.13.0-RC1, 2.13.0-RC2, 2.13.0-RC3, 
> 2.13.1
>  * *Vulnerable Library Version:* org.apache.tomcat : tomcat-catalina : 7.0.91 
> *CVE ID:* 
> [CVE-2016-8735|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735], 
> [CVE-2019-0232|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0232], 
> [CVE-2016-6794|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6794], 
> [CVE-2016-6816|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816], 
> [CVE-2016-8745|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745], 
> [CVE-2019-17563|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563]
>  *Import Path:* tomcat-ext/pom.xml, server/pom.xml, server-base/pom.xml 
> *Suggested Safe Versions:* 10.0.0-M1, 7.0.100, 9.0.30, 9.0.31
>  * *Vulnerable Library Version:* com.h2database : h2 : 1.4.196 *CVE ID:* 
> [CVE-2018-10054|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054],
>  
> [CVE-2018-14335|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335]
>  *Import Path:* server/pom.xml, kylin-it/pom.xml, source-jdbc/pom.xml, 
> source-hive/pom.xml, datasource-sdk/pom.xml *Suggested Safe Versions:* 
> 1.4.198, 1.4.199, 1.4.200
>  * *Vulnerable Library Version:* com.google.guava : guava : 14.0 *CVE ID:* 
> [CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237]
>  *Import Path:* core-storage/pom.xml, stream-receiver/pom.xml, 
> server/pom.xml, core-cube/pom.xml, core-metadata/pom.xml, jdbc/pom.xml, 
> tool-assembly/pom.xml, core-metrics/pom.xml *Suggested Safe Versions:* 
> 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 
> 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 
> 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 
> 28.2-android, 28.2-jre
>  * *Vulnerable Library Version:* org.apache.hive.hcatalog : 
> hive-hcatalog-core : 1.2.1 *CVE ID:* 
> [CVE-2015-7521|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521] 
> *Import Path:* metrics-reporter-hive/pom.xml, assembly/pom.xml, 
> server/pom.xml, kylin-it/pom.xml, source-jdbc/pom.xml, source-hive/pom.xml, 
> server-base/pom.xml *Suggested Safe Versions:* 1.2.2, 2.0.0, 2.0.1, 2.1.0, 
> 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 
> 3.1.1, 3.1.2
>  * *Vulnerable Library Version:* org.apache.spark : spark-core_2.11 : 2.3.2 
> *CVE ID:* 
> [CVE-2017-7678|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678], 
> [CVE-2018-3826|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3826], 
> [CVE-2018-11770|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11770],
>  
> [CVE-2019-10099|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10099]
>  *Import Path:* server/pom.xml, kylin-it/pom.xml, engine-spark/pom.xml, 
> storage-hbase/pom.xml *Suggested Safe Versions:* 2.4.5
>  * *Vulnerable Library Version:* org.apache.kafka : kafka_2.11 : 1.0.0 *CVE 
> ID:* 
> [CVE-2018-1288|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1288], 
> [CVE-2019-17196|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196]
>  *Import Path:* assembly/pom.xml, source-kafka/pom.xml, kylin-it/pom.xml, 
> stream-source-kafka/pom.xml, metrics-reporter-kafka/pom.xml *Suggested Safe 
> Versions:* 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0
>  * *Vulnerable Library Version:* org.apache.hive : hive-jdbc : 1.2.1 *CVE 
> ID:* 
> [CVE-2016-3083|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3083], 
> [CVE-2015-7521|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521], 
> [CVE-2018-1282|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1282] 
> *Import Path:* server/pom.xml, source-jdbc/pom.xml, source-hive/pom.xml 
> *Suggested Safe Versions:* 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 
> 3.1.2
>  * *Vulnerable Library Version:* org.apache.hadoop : hadoop-hdfs : 2.7.1 *CVE 
> ID:* 
> [CVE-2016-5001|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5001], 
> [CVE-2018-11768|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768]
>  *Import Path:* metrics-reporter-hive/pom.xml, assembly/pom.xml, 
> stream-core/pom.xml, stream-receiver/pom.xml, server/pom.xml, 
> kylin-it/pom.xml, engine-mr/pom.xml, storage-hbase/pom.xml *Suggested Safe 
> Versions:* 2.10.0, 2.8.5, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1
>  * *Vulnerable Library Version:* org.springframework : spring-core : 
> 4.3.10.RELEASE *CVE ID:* 
> [CVE-2018-1272|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1272] 
> *Import Path:* tool/pom.xml *Suggested Safe Versions:* 4.3.15.RELEASE, 
> 4.3.16.RELEASE, 4.3.17.RELEASE, 4.3.18.RELEASE, 4.3.19.RELEASE, 
> 4.3.20.RELEASE, 4.3.21.RELEASE, 4.3.22.RELEASE, 4.3.23.RELEASE, 
> 4.3.24.RELEASE, 4.3.25.RELEASE, 4.3.26.RELEASE, 5.0.10.RELEASE, 
> 5.0.11.RELEASE, 5.0.12.RELEASE, 5.0.13.RELEASE, 5.0.14.RELEASE, 
> 5.0.15.RELEASE, 5.0.16.RELEASE, 5.0.5.RELEASE, 5.0.6.RELEASE, 5.0.7.RELEASE, 
> 5.0.8.RELEASE, 5.0.9.RELEASE, 5.1.0.RELEASE, 5.1.1.RELEASE, 5.1.10.RELEASE, 
> 5.1.11.RELEASE, 5.1.12.RELEASE, 5.1.13.RELEASE, 5.1.2.RELEASE, 5.1.3.RELEASE, 
> 5.1.4.RELEASE, 5.1.5.RELEASE, 5.1.6.RELEASE, 5.1.7.RELEASE, 5.1.8.RELEASE, 
> 5.1.9.RELEASE, 5.2.0.RELEASE, 5.2.1.RELEASE, 5.2.2.RELEASE, 5.2.3.RELEASE
>  * *Vulnerable Library Version:* com.fasterxml.jackson.core : 
> jackson-databind : 2.9.5 *CVE ID:* 
> [CVE-2019-16335|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335],
>  
> [CVE-2019-12814|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814],
>  
> [CVE-2018-19362|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362],
>  
> [CVE-2018-19360|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360],
>  
> [CVE-2019-14439|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439],
>  
> [CVE-2019-16943|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943],
>  
> [CVE-2019-14379|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379],
>  
> [CVE-2019-14540|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540],
>  
> [CVE-2019-17267|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267],
>  
> [CVE-2018-12023|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023],
>  
> [CVE-2020-8840|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840], 
> [CVE-2019-20330|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330],
>  
> [CVE-2019-12384|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384],
>  
> [CVE-2019-12086|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086],
>  
> [CVE-2018-14720|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720],
>  
> [CVE-2018-14721|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721],
>  
> [CVE-2018-14719|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719],
>  
> [CVE-2019-17531|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531],
>  
> [CVE-2018-14718|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718],
>  
> [CVE-2018-11307|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307],
>  
> [CVE-2018-19361|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361],
>  
> [CVE-2019-16942|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942]
>  *Import Path:* core-common/pom.xml, stream-receiver/pom.xml *Suggested Safe 
> Versions:* 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
>  * *Vulnerable Library Version:* org.springframework.security : 
> spring-security-core : 4.2.3.RELEASE *CVE ID:* 
> [CVE-2019-3795|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3795], 
> [CVE-2019-11272|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11272]
>  *Import Path:* stream-receiver/pom.xml *Suggested Safe Versions:* 
> 4.2.13.RELEASE, 4.2.14.RELEASE, 5.0.12.RELEASE, 5.0.13.RELEASE, 
> 5.0.14.RELEASE, 5.1.5.RELEASE, 5.1.6.RELEASE, 5.1.7.RELEASE, 5.1.8.RELEASE, 
> 5.2.0.RELEASE, 5.2.1.RELEASE, 5.2.2.RELEASE
>  * *Vulnerable Library Version:* org.apache.hadoop : hadoop-common : 2.7.1 
> *CVE ID:* 
> [CVE-2016-5393|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5393], 
> [CVE-2018-8009|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009], 
> [CVE-2016-6811|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6811], 
> [CVE-2017-15718|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15718],
>  
> [CVE-2016-3086|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3086], 
> [CVE-2017-15713|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15713],
>  [CVE-2018-8029|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029] 
> *Import Path:* core-storage/pom.xml, tomcat-ext/pom.xml...(The rest of the 33 
> paths is hidden.) *Suggested Safe Versions:* 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1
>  * *Vulnerable Library Version:* org.apache.httpcomponents : httpclient : 
> 4.2.5 *CVE ID:* 
> [CVE-2014-3577|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577], 
> [CVE-2015-5262|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5262] 
> *Import Path:* core-common/pom.xml, jdbc/pom.xml *Suggested Safe Versions:* 
> 4.3.6, 4.4, 4.4-alpha1, 4.4-beta1, 4.4.1, 4.5, 4.5.1, 4.5.10, 4.5.11, 4.5.2, 
> 4.5.3, 4.5.4, 4.5.5, 4.5.6, 4.5.7, 4.5.8, 4.5.9
>  * *Vulnerable Library Version:* org.springframework : spring-webmvc : 
> 4.3.10.RELEASE *CVE ID:* 
> [CVE-2018-15756|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15756],
>  
> [CVE-2018-1271|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1271], 
> [CVE-2018-1199|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1199] 
> *Import Path:* stream-receiver/pom.xml, server-base/pom.xml *Suggested Safe 
> Versions:* 4.3.20.RELEASE, 4.3.21.RELEASE, 4.3.22.RELEASE, 4.3.23.RELEASE, 
> 4.3.24.RELEASE, 4.3.25.RELEASE, 4.3.26.RELEASE, 5.0.16.RELEASE, 
> 5.1.13.RELEASE, 5.2.3.RELEASE
>  * *Vulnerable Library Version:* org.apache.hadoop : 
> hadoop-mapreduce-client-core : 2.7.1 *CVE ID:* 
> [CVE-2017-3166|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3166] 
> *Import Path:* engine-flink/pom.xml, server/pom.xml, kylin-it/pom.xml, 
> engine-mr/pom.xml *Suggested Safe Versions:* 2.10.0, 2.7.4, 2.7.5, 2.7.6, 
> 2.7.7, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.9.0, 2.9.1, 2.9.2, 
> 3.0.0-alpha4, 3.0.0-beta1, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 
> 3.2.0, 3.2.1
>  * *Vulnerable Library Version:* org.apache.commons : commons-compress : 1.18 
> *CVE ID:* 
> [CVE-2019-12402|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12402]
>  *Import Path:* core-common/pom.xml *Suggested Safe Versions:* 1.19, 1.20
>  * *Vulnerable Library Version:* org.eclipse.jetty : jetty-server : 
> 9.3.22.v20171030 *CVE ID:* 
> [CVE-2017-7656|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656], 
> [CVE-2019-10247|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247],
>  
> [CVE-2017-7657|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657], 
> [CVE-2017-7658|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658], 
> [CVE-2018-12536|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12536]
>  *Import Path:* stream-receiver/pom.xml, server/pom.xml, server-base/pom.xml 
> *Suggested Safe Versions:* 10.0.0-alpha0, 10.0.0.alpha1, 9.4.17.v20190418, 
> 9.4.18.v20190429, 9.4.19.v20190610, 9.4.20.v20190813, 9.4.24.v20191120, 
> 9.4.25.v20191220, 9.4.26.v20200117
>  * *Vulnerable Library Version:* mysql : mysql-connector-java : 5.1.8 *CVE 
> ID:* 
> [CVE-2019-2692|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2692], 
> [CVE-2017-3523|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3523], 
> [CVE-2017-3589|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3589] 
> *Import Path:* core-common/pom.xml, server/pom.xml, kylin-it/pom.xml 
> *Suggested Safe Versions:* 8.0.16, 8.0.17, 8.0.18, 8.0.19
>  * *Vulnerable Library Version:* org.postgresql : postgresql : 42.1.1 *CVE 
> ID:* 
> [CVE-2018-10936|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10936]
>  *Import Path:* datasource-sdk/pom.xml *Suggested Safe Versions:* 42.2.10, 
> 42.2.10.jre6, 42.2.10.jre7, 42.2.5, 42.2.5.jre6, 42.2.5.jre7, 42.2.6, 
> 42.2.6.jre6, 42.2.6.jre7, 42.2.7, 42.2.7.jre6, 42.2.7.jre7, 42.2.8, 
> 42.2.8.jre6, 42.2.8.jre7, 42.2.9, 42.2.9.jre6, 42.2.9.jre7
>  * *Vulnerable Library Version:* xerces : xercesImpl : 2.11.0 *CVE ID:* 
> [CVE-2012-0881|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881], 
> [CVE-2013-4002|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002] 
> *Import Path:* kylin-it/pom.xml *Suggested Safe Versions:* 2.12.0



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to