[jira] [Commented] (DERBY-7135) Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?

2022-03-21 Thread JenickLee (Jira)


[ 
https://issues.apache.org/jira/browse/DERBY-7135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17510253#comment-17510253
 ] 

JenickLee commented on DERBY-7135:
--

Confirmed with the scanning tool, this is a false positive. Thank you.

> Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?
> --
>
> Key: DERBY-7135
> URL: https://issues.apache.org/jira/browse/DERBY-7135
> Project: Derby
> Issue Type: Bug
> Affects Versions: 10.14.2.0
> Reporter: JenickLee
> Priority: Blocker
> Attachments: Snipaste_2022-03-22_00-43-37.png, 
> Snipaste_2022-03-22_00-51-12.png
>
>
> Use a security tool to scan the derby 10.14.2.0 installation package. *The 
> result shows that derbynet.jar contains the CVE-2020-13949 vulnerability.* 
> The vulnerability is related to  Hive and Thrift, but no reference is found 
> in the derby 10.14.2.0 source code.
> *Is it a false positive? Which of the following application scenarios will be 
> affected if the vulnerability is involved?*
> For details about the scanning result, see the attachment.
> Vulnerability Details:
> [https://nvd.nist.gov/vuln/detail/CVE-2020-13949]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18

2022-03-21 Thread Bryan Pendleton (Jira)


[ 
https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17510173#comment-17510173
 ] 

Bryan Pendleton commented on DERBY-7126:


Hi Rick, I've been starting to see a few questions about the new "deprecated" 
messages in JDK 17+

 

Here's an example: 
[https://stackoverflow.com/questions/71541745/i-keep-getting-this-error-messages-when-try-to-use-javadb]

 

I wonder if we should start planning for releasing a new version that supports 
JDK 17+?

> Make it possible to build and test Derby cleanly with OpenJDK 18
> 
>
> Key: DERBY-7126
> URL: https://issues.apache.org/jira/browse/DERBY-7126
> Project: Derby
> Issue Type: Task
> Components: Build tools
> Affects Versions: 10.16.0.0
> Reporter: Richard N. Hillegas
> Assignee: Richard N. Hillegas
> Priority: Major
> Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, 
> derby-7126-01-aa-regenerateSignedJars.diff, 
> derby-7126-02-aa-suppressDeprecationWarnings.diff, 
> derby-7126-03-aa-mention-java.security.manager.diff, 
> derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, 
> derby-7126-05-aa-suppressRemovalWarnings.diff
>
>
> Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should 
> adjust Derby as necessary so that it builds cleanly (including javadoc) and 
> tests cleanly with this version of the platform.





[jira] [Commented] (DERBY-7135) Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?

2022-03-21 Thread Bryan Pendleton (Jira)


[ 
https://issues.apache.org/jira/browse/DERBY-7135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17510018#comment-17510018
 ] 

Bryan Pendleton commented on DERBY-7135:


This seems like a flaw in the scanning tool. Apache Derby does not include any 
source code from Apache Thrift and I have not heard of any reports of 
CVE-2020-13949 for Apache Derby.

Perhaps you could contact the vendor of the scanning tool and ask them to help 
you figure out why your copy of derbynet.jar is being flagged as containing 
this CVE?

> Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?
> --
>
> Key: DERBY-7135
> URL: https://issues.apache.org/jira/browse/DERBY-7135
> Project: Derby
> Issue Type: Bug
> Affects Versions: 10.14.2.0
> Reporter: JenickLee
> Priority: Blocker
> Attachments: Snipaste_2022-03-22_00-43-37.png, 
> Snipaste_2022-03-22_00-51-12.png
>
>
> Use a security tool to scan the derby 10.14.2.0 installation package. *The 
> result shows that derbynet.jar contains the CVE-2020-13949 vulnerability.* 
> The vulnerability is related to  Hive and Thrift, but no reference is found 
> in the derby 10.14.2.0 source code.
> *Is it a false positive? Which of the following application scenarios will be 
> affected if the vulnerability is involved?*
> For details about the scanning result, see the attachment.
> Vulnerability Details:
> [https://nvd.nist.gov/vuln/detail/CVE-2020-13949]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
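
One way to check the claim in the comment above when triaging this kind of scanner hit is to look inside the jar for Thrift classes or Maven metadata, including nested archives. This is an added example, not code from the Derby project or from the scanning tool; the `org/apache/thrift/` package path and `libthrift` artifact name are the assumed markers, and both sample jars are constructed in memory.

```python
import io
import zipfile

# Assumption: Apache Thrift's Java classes live under org/apache/thrift/ and
# its Maven artifact id is libthrift; adjust the markers for other libraries.
CLASS_MARKER = "org/apache/thrift/"
MAVEN_MARKER = "/libthrift/"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def find_library_evidence(data, label="archive", depth=0, max_depth=4):
    """Return entry paths showing the library is bundled in a jar (bytes)."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable archive, nothing to report
    with archive:
        for name in archive.namelist():
            where = f"{label}!/{name}"
            # "in" rather than startswith also catches relocated (shaded) copies
            if CLASS_MARKER in name and name.endswith(".class"):
                hits.append(where)
            elif name.startswith("META-INF/maven/") and MAVEN_MARKER in name:
                hits.append(where)  # Maven metadata left by a bundled copy
            elif name.lower().endswith(ARCHIVE_SUFFIXES) and depth < max_depth:
                hits += find_library_evidence(
                    archive.read(name), where, depth + 1, max_depth)
    return hits


def build_jar(entries):
    """Build an in-memory jar from {path: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for path, content in entries.items():
            jar.writestr(path, content)
    return buf.getvalue()


# Constructed samples: neither is the real derbynet.jar.
CLEAN_JAR = build_jar({
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "org/apache/derby/drda/NetworkServerControl.class": b"\xca\xfe\xba\xbe",
})
BUNDLING_JAR = build_jar({
    "lib/inner.jar": build_jar({
        "org/apache/thrift/TBase.class": b"\xca\xfe\xba\xbe",
        "META-INF/maven/org.apache.thrift/libthrift/pom.properties": b"version=0.0.0\n",
    }),
})

if __name__ == "__main__":
    print(find_library_evidence(CLEAN_JAR, "clean.jar"))
    print(find_library_evidence(BUNDLING_JAR, "bundling.jar"))
```

An empty result for the real jar supports the false-positive conclusion; the scanner's own matching rule (file name, hash or CPE) still has to be checked with its vendor.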


[jira] [Updated] (DERBY-7135) Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?

2022-03-21 Thread lijunbin (Jira)


 [ 
https://issues.apache.org/jira/browse/DERBY-7135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lijunbin updated DERBY-7135:

Attachment: Snipaste_2022-03-22_00-51-12.png

> Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?
> --
>
> Key: DERBY-7135
> URL: https://issues.apache.org/jira/browse/DERBY-7135
> Project: Derby
> Issue Type: Bug
> Affects Versions: 10.14.2.0
> Reporter: lijunbin
> Priority: Blocker
> Attachments: Snipaste_2022-03-22_00-43-37.png, 
> Snipaste_2022-03-22_00-51-12.png
>
>
> Use a security tool to scan the derby 10.14.2.0 installation package. *The 
> result shows that derbynet.jar contains the CVE-2020-13949 vulnerability.* 
> The vulnerability is related to  Hive and Thrift, but no reference is found 
> in the derby 10.14.2.0 source code.
> *Is it a false positive? Which of the following application scenarios will be 
> affected if the vulnerability is involved?*
> For details about the scanning result, see the attachment.
> Vulnerability Details:
> [https://nvd.nist.gov/vuln/detail/CVE-2020-13949]





[jira] [Updated] (DERBY-7135) Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?

2022-03-21 Thread lijunbin (Jira)


 [ 
https://issues.apache.org/jira/browse/DERBY-7135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lijunbin updated DERBY-7135:

Attachment: (was: Snipaste_2022-03-22_00-51-12.png)

> Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?
> --
>
> Key: DERBY-7135
> URL: https://issues.apache.org/jira/browse/DERBY-7135
> Project: Derby
> Issue Type: Bug
> Affects Versions: 10.14.2.0
> Reporter: lijunbin
> Priority: Blocker
> Attachments: Snipaste_2022-03-22_00-43-37.png
>
>
> Use a security tool to scan the derby 10.14.2.0 installation package. *The 
> result shows that derbynet.jar contains the CVE-2020-13949 vulnerability.* 
> The vulnerability is related to  Hive and Thrift, but no reference is found 
> in the derby 10.14.2.0 source code.
> *Is it a false positive? Which of the following application scenarios will be 
> affected if the vulnerability is involved?*
> For details about the scanning result, see the attachment.
> Vulnerability Details:
> [https://nvd.nist.gov/vuln/detail/CVE-2020-13949]





[jira] [Updated] (DERBY-7135) Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?

2022-03-21 Thread lijunbin (Jira)


 [ 
https://issues.apache.org/jira/browse/DERBY-7135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lijunbin updated DERBY-7135:

Attachment: Snipaste_2022-03-22_00-51-12.png

> Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?
> --
>
> Key: DERBY-7135
> URL: https://issues.apache.org/jira/browse/DERBY-7135
> Project: Derby
> Issue Type: Bug
> Affects Versions: 10.14.2.0
> Reporter: lijunbin
> Priority: Blocker
> Attachments: Snipaste_2022-03-22_00-43-37.png
>
>
> Use a security tool to scan the derby 10.14.2.0 installation package. *The 
> result shows that derbynet.jar contains the CVE-2020-13949 vulnerability.* 
> The vulnerability is related to  Hive and Thrift, but no reference is found 
> in the derby 10.14.2.0 source code.
> *Is it a false positive? Which of the following application scenarios will be 
> affected if the vulnerability is involved?*
> For details about the scanning result, see the attachment.
> Vulnerability Details:
> [https://nvd.nist.gov/vuln/detail/CVE-2020-13949]





[jira] [Created] (DERBY-7135) Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?

2022-03-21 Thread lijunbin (Jira)
lijunbin created DERBY-7135:
---

Summary: Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?
Key: DERBY-7135
URL: https://issues.apache.org/jira/browse/DERBY-7135
Project: Derby
Issue Type: Bug
Affects Versions: 10.14.2.0
Reporter: lijunbin
Attachments: Snipaste_2022-03-22_00-43-37.png

Use a security tool to scan the derby 10.14.2.0 installation package. *The 
result shows that derbynet.jar contains the CVE-2020-13949 vulnerability.* The 
vulnerability is related to  Hive and Thrift, but no reference is found in the 
derby 10.14.2.0 source code.

*Is it a false positive? Which of the following application scenarios will be 
affected if the vulnerability is involved?*

For details about the scanning result, see the attachment.

Vulnerability Details:

[https://nvd.nist.gov/vuln/detail/CVE-2020-13949]


