[ 
https://issues.apache.org/jira/browse/SYSTEMML-2536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17130423#comment-17130423
 ] 

Sebastian Baunsgaard commented on SYSTEMML-2536:
------------------------------------------------

Hi XuCongying,

 

We now have a PR, (https://github.com/apache/systemml/pull/973) for this on the 
repository, it will probably not go though right now, since updating the Hadoop 
dependency requires more than just updating the version. 

But thanks for the heads up!

 

> Found CVEs in your dependencies
> -------------------------------
>
>                 Key: SYSTEMML-2536
>                 URL: https://issues.apache.org/jira/browse/SYSTEMML-2536
>             Project: SystemDS
>          Issue Type: Dependency upgrade
>            Reporter: XuCongying
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Hi, I have noticed that some library CVEs may be related to your projects. I 
> suggest a library update to avoid potential risks. See below for details:
>  Vulnerable Library Version: com.typesafe.akka : akka-http_2.11 : 10.1.3
>   CVE ID: 
> [CVE-2018-16131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16131)
>   Import Path: pom.xml
>   Suggested Safe Versions: 10.1.10, 10.1.11, 10.1.5, 10.1.6, 10.1.7, 10.1.8, 
> 10.1.9
>  Vulnerable Library Version: commons-collections : commons-collections : 3.2.1
>   CVE ID: 
> [CVE-2015-6420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6420)
>   Import Path: pom.xml
>   Suggested Safe Versions: 20030418.083655, 20031027.000000, 20040102.233541, 
> 20040616, 3.2.2
>  Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.7.7
>   CVE ID: 
> [CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029),
>  [CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
>   Import Path: pom.xml
>   Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1
>  
> Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 2.7.7
>   CVE ID: 
> [CVE-2018-11768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768)
>   Import Path: pom.xml
>   Suggested Safe Versions: 2.10.0, 2.8.5, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to