[jira] [Commented] (KYLIN-5159) there are several dependencies in main branch with CVEs

ASF GitHub Bot (Jira) Wed, 06 Apr 2022 02:24:06 -0700


    [ 
https://issues.apache.org/jira/browse/KYLIN-5159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17517985#comment-17517985
 ]


ASF GitHub Bot commented on KYLIN-5159:
---------------------------------------

hit-lacus commented on PR #1814:
URL: https://github.com/apache/kylin/pull/1814#issuecomment-1090051330

   LGTM




> there are several dependencies in main branch with CVEs
> -------------------------------------------------------
>
>                 Key: KYLIN-5159
>                 URL: https://issues.apache.org/jira/browse/KYLIN-5159
>             Project: Kylin
>          Issue Type: Improvement
>            Reporter: PJ Fanning
>            Priority: Major
>
> Some of the more readily addressed ones include:
>  * upgrade to commons-compress 1.21 - see cves in 
> [https://mvnrepository.com/artifact/org.apache.commons/commons-compress]
>  * upgrade to h2 2.1.210 - see cves in 
> [https://mvnrepository.com/artifact/com.h2database/h2]
>  * upgrade to httpclient 4.5.13 - see cves in 
> [https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient]
>  * update to commons-io 2.7 (or 2.11.0 to get latest code) - see 
> [https://github.com/advisories/GHSA-gwrp-pvrq-jmwv]
>  * upgrade to xerces 2.12.2 - see cves in 
> [https://mvnrepository.com/artifact/xerces/xercesImpl]
>  * many others - but I may be looking at the wrong branch given the large 
> number of vulnerable jars 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (KYLIN-5159) there are several dependencies in main branch with CVEs

Reply via email to