[jira] [Assigned] (IOTDB-1792) fix CVE issues caused by dependencies

Xiangdong Huang (Jira) Mon, 04 Oct 2021 20:01:05 -0700


     [ 
https://issues.apache.org/jira/browse/IOTDB-1792?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Xiangdong Huang reassigned IOTDB-1792:
--------------------------------------

    Assignee: Xiangdong Huang

> fix CVE issues caused by dependencies
> -------------------------------------
>
>                 Key: IOTDB-1792
>                 URL: https://issues.apache.org/jira/browse/IOTDB-1792
>             Project: Apache IoTDB
>          Issue Type: Task
>            Reporter: Xiangdong Huang
>            Assignee: Xiangdong Huang
>            Priority: Major
>
> As IoTDB-session depends libthrift, which depends tomcat-embed, there may be 
> some CVE issues.
> Besides, some the version of some transitive  dependencies are not 
> consistent, e.g., httpclient 4.5.13 and 4.5.12
> So, we need to upgrade dependencies and let the following check passed:
> mvn validate -P enforce



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Assigned] (IOTDB-1792) fix CVE issues caused by dependencies

Reply via email to