[jira] [Resolved] (RATIS-2324) Upgrade the thrid party dependencies to fix CVE alarts

Attila Doroszlai (Jira) Tue, 09 Sep 2025 23:55:27 -0700


     [ 
https://issues.apache.org/jira/browse/RATIS-2324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Attila Doroszlai resolved RATIS-2324.
-------------------------------------
    Fix Version/s: thirdparty-1.0.10
       Resolution: Done

> Upgrade the thrid party dependencies to fix CVE alarts
> ------------------------------------------------------
>
>                 Key: RATIS-2324
>                 URL: https://issues.apache.org/jira/browse/RATIS-2324
>             Project: Ratis
>          Issue Type: Improvement
>          Components: thirdparty
>    Affects Versions: thirdparty-1.0.9
>            Reporter: Haonan Hou
>            Assignee: Xinyu Tan
>            Priority: Major
>             Fix For: thirdparty-1.0.10
>
>         Attachments: image-2025-09-09-10-27-10-829.png, 
> image-2025-09-09-10-27-39-985.png, image-2025-09-09-10-28-01-609.png
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> The dependency-check-report of IoTDB shows there are some vulnerable 
> dependencies from ratis thirdparty 1.0.9. 
> !image-2025-09-09-10-27-10-829.png|width=639,height=202!
> !image-2025-09-09-10-27-39-985.png|width=295,height=298!
> !image-2025-09-09-10-28-01-609.png|width=296,height=164!
> Consider upgrading netty and gson to fix them? 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (RATIS-2324) Upgrade the thrid party dependencies to fix CVE alarts

Reply via email to