[jira] [Created] (IOTDB-1792) fix CVE issues caused by dependencies

Xiangdong Huang (Jira) Mon, 04 Oct 2021 20:00:11 -0700

Xiangdong Huang created IOTDB-1792:
--------------------------------------

             Summary: fix CVE issues caused by dependencies
                 Key: IOTDB-1792
                 URL: https://issues.apache.org/jira/browse/IOTDB-1792
             Project: Apache IoTDB
          Issue Type: Task
            Reporter: Xiangdong Huang



As IoTDB-session depends libthrift, which depends tomcat-embed, there may be 
some CVE issues.

Besides, some the version of some transitive  dependencies are not consistent, 
e.g., httpclient 4.5.13 and 4.5.12

So, we need to upgrade dependencies and let the following check passed:

mvn validate -P enforce




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (IOTDB-1792) fix CVE issues caused by dependencies

Reply via email to