Kshitiz Saxena created CASSANDRA-15856:
------------------------------------------

             Summary: Security vulnerabilities with dependency jars of Cassandra 3.11.6
                 Key: CASSANDRA-15856
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15856
             Project: Cassandra
          Issue Type: Task
            Reporter: Kshitiz Saxena


The latest release of Cassandra 3.11.6 has a few dependency jars which have some security vulnerabilities.

 

Apache Thrift (org.apache.thrift:libthrift:0.9.2) has the below-mentioned security vulnerabilities reported:
https://nvd.nist.gov/vuln/detail/CVE-2016-5397
https://nvd.nist.gov/vuln/detail/CVE-2018-1320
https://nvd.nist.gov/vuln/detail/CVE-2019-0205

 

Netty Project (io.netty:netty-all:4.0.44.Final) has the below-mentioned security vulnerabilities reported:
https://nvd.nist.gov/vuln/detail/CVE-2019-16869
https://nvd.nist.gov/vuln/detail/CVE-2019-20444
https://nvd.nist.gov/vuln/detail/CVE-2019-20445

 

Is there a plan to upgrade these jars in any upcoming release?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
