[ https://issues.apache.org/jira/browse/STORM-3852?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Zowalla closed STORM-3852.
----------------------------------
    Resolution: Won't Fix

Storm 1.x isn't maintained anymore.

> Storm 1.2.4 Vulnerability in Grype Scan
> ---------------------------------------
>
>                 Key: STORM-3852
>                 URL: https://issues.apache.org/jira/browse/STORM-3852
>             Project: Apache Storm
>          Issue Type: Improvement
>    Affects Versions: 1.2.4
>            Reporter: Indranil Roy Chowdhury
>            Priority: Major
>         Attachments: Storm 1.2.4 VA Analysis.xls
>
>
> [Grype|https://github.com/anchore/grype] scan done on the Storm 1.2.4
> distribution identifies several vulnerabilities due to dependent jars of
> several modules. Please refer to the attached xls workbook for a detailed
> listing. A summary of all CVEs is below. Mitigating critical and high
> vulnerabilities is much needed for production deployment of Storm. Please
> investigate and advise how the critical and high defects can be addressed at
> minimum.
> ||Severity||Count||
> |Critical|63|
> |High|122|
> |Medium|43|
> |Low|7|
> *NOTE*: Over 90% of reported issues originate from Storm external
> folder artifacts. Without considering artifacts in the external folder, the
> reported summary is as below.
> ||Severity||Count||
> |Critical|14|
> |High|31|
> |Medium|24|
> |Low|4|
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
