[jira] [Updated] (TINKERPOP-3050) security vulnerability in logback-core

2024-02-08 Thread Tal Ron (Jira)


 [ 
https://issues.apache.org/jira/browse/TINKERPOP-3050?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tal Ron updated TINKERPOP-3050:
---
Priority: Major  (was: Critical)

> security vulnerability in logback-core 
> ---
>
> Key: TINKERPOP-3050
> URL: https://issues.apache.org/jira/browse/TINKERPOP-3050
> Project: TinkerPop
> Issue Type: Bug
> Components: console
> Affects Versions: 3.6.6
> Reporter: Tal Ron
> Priority: Major
>
> used logback-core version is: 1.2.11- 
> [CVE-2023-6378|https://github.com/advisories/GHSA-vmq6-5m68-f53m]
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6378]
>  
> [https://github.com/advisories/GHSA-vmq6-5m68-f53m]
> I see that even latest v1.2.13 has security issue: 
> [https://mvnrepository.com/artifact/ch.qos.logback/logback-core]
> 1.3.12, 1.3.14, 1.4.12 and latest 1.4.14 are currently safe
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)


[jira] [Updated] (TINKERPOP-3053) security vulnerability in netty-codec-http2

2024-02-08 Thread Tal Ron (Jira)


 [ 
https://issues.apache.org/jira/browse/TINKERPOP-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tal Ron updated TINKERPOP-3053:
---
Component/s: console

> security vulnerability in netty-codec-http2
> ---
>
> Key: TINKERPOP-3053
> URL: https://issues.apache.org/jira/browse/TINKERPOP-3053
> Project: TinkerPop
> Issue Type: Bug
> Components: console
> Affects Versions: 3.6.6
> Reporter: Tal Ron
> Priority: Major
>
> version used is: netty-codec-http2-4.1.96.Final - GHSA-xpw8-rcwv-8f8p (dep: 
> [CVE-2023-4586|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4586])
> [https://github.com/advisories/GHSA-xpw8-rcwv-8f8p]
> [https://mvnrepository.com/artifact/io.netty/netty-codec-http2]
> affected versions: < 4.1.100.Final
>  





[jira] [Created] (TINKERPOP-3053) security vulnerability in netty-codec-http2

2024-02-08 Thread Tal Ron (Jira)
Tal Ron created TINKERPOP-3053:
--

Summary: security vulnerability in netty-codec-http2
Key: TINKERPOP-3053
URL: https://issues.apache.org/jira/browse/TINKERPOP-3053
Project: TinkerPop
Issue Type: Bug
Affects Versions: 3.6.6
Reporter: Tal Ron


version used is: netty-codec-http2-4.1.96.Final - GHSA-xpw8-rcwv-8f8p (dep: 
[CVE-2023-4586|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4586])

[https://github.com/advisories/GHSA-xpw8-rcwv-8f8p]

[https://mvnrepository.com/artifact/io.netty/netty-codec-http2]

affected versions: < 4.1.100.Final

 





[jira] [Created] (TINKERPOP-3050) severity security vulnerability in logback-core

2024-02-08 Thread Tal Ron (Jira)
Tal Ron created TINKERPOP-3050:
--

Summary: severity security vulnerability in logback-core
Key: TINKERPOP-3050
URL: https://issues.apache.org/jira/browse/TINKERPOP-3050
Project: TinkerPop
Issue Type: Bug
Components: console
Affects Versions: 3.6.6
Reporter: Tal Ron


used logback-core version is: 1.2.11- 
[CVE-2023-6378|https://github.com/advisories/GHSA-vmq6-5m68-f53m]

[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6378]

 

[https://github.com/advisories/GHSA-vmq6-5m68-f53m]

I see that even latest v1.2.13 has security issue: 

[https://mvnrepository.com/artifact/ch.qos.logback/logback-core]

1.3.12, 1.3.14, 1.4.12 and latest 1.4.14 are currently safe

 





[jira] [Created] (TINKERPOP-3052) security vulnerability in ivy

2024-02-08 Thread Tal Ron (Jira)
Tal Ron created TINKERPOP-3052:
--

Summary: security vulnerability in ivy
Key: TINKERPOP-3052
URL: https://issues.apache.org/jira/browse/TINKERPOP-3052
Project: TinkerPop
Issue Type: Bug
Components: console
Affects Versions: 3.6.6
Reporter: Tal Ron


used version is: 2.5.1 - 
[CVE-2022-46751|https://github.com/advisories/GHSA-2jc4-r94c-rp7h]

[https://mvnrepository.com/artifact/org.apache.ivy/ivy]

2.5.2 is safe





[jira] [Updated] (TINKERPOP-3050) security vulnerability in logback-core

2024-02-08 Thread Tal Ron (Jira)


 [ 
https://issues.apache.org/jira/browse/TINKERPOP-3050?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tal Ron updated TINKERPOP-3050:
---
Summary: security vulnerability in logback-core   (was: severity security 
vulnerability in logback-core )

> security vulnerability in logback-core 
> ---
>
> Key: TINKERPOP-3050
> URL: https://issues.apache.org/jira/browse/TINKERPOP-3050
> Project: TinkerPop
> Issue Type: Bug
> Components: console
> Affects Versions: 3.6.6
> Reporter: Tal Ron
> Priority: Critical
>
> used logback-core version is: 1.2.11- 
> [CVE-2023-6378|https://github.com/advisories/GHSA-vmq6-5m68-f53m]
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6378]
>  
> [https://github.com/advisories/GHSA-vmq6-5m68-f53m]
> I see that even latest v1.2.13 has security issue: 
> [https://mvnrepository.com/artifact/ch.qos.logback/logback-core]
> 1.3.12, 1.3.14, 1.4.12 and latest 1.4.14 are currently safe
>  





[jira] [Created] (TINKERPOP-3051) security vulnerability in logback-classic

2024-02-08 Thread Tal Ron (Jira)
Tal Ron created TINKERPOP-3051:
--

Summary: security vulnerability in logback-classic
Key: TINKERPOP-3051
URL: https://issues.apache.org/jira/browse/TINKERPOP-3051
Project: TinkerPop
Issue Type: Bug
Components: console
Affects Versions: 3.6.6
Reporter: Tal Ron


logback-classic version used is: 1.2.11 - 
[CVE-2023-6378|https://github.com/advisories/GHSA-vmq6-5m68-f53m]

[https://mvnrepository.com/artifact/ch.qos.logback/logback-classic]

1.3.12 - 1.3.14, 1.4.12 - 1.4.14 are safe





[jira] [Created] (TINKERPOP-3054) RequestId serialization broken in Python GLV

2024-02-08 Thread Valentyn Kahamlyk (Jira)
Valentyn Kahamlyk created TINKERPOP-3054:


Summary: RequestId serialization broken in Python GLV
Key: TINKERPOP-3054
URL: https://issues.apache.org/jira/browse/TINKERPOP-3054
Project: TinkerPop
Issue Type: Improvement
Components: python
Affects Versions: 3.7.1, 3.6.6
Reporter: Valentyn Kahamlyk


`g.with_('requestId', uuid.uuid1()).V().count().toList()`
failed with error `AttributeError: 'UUID' object has no attribute 'replace'`
in line
`uuid.UUID(request_id) # Checks for proper UUID or else server will return an error.`



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
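
The failure reported in TINKERPOP-3054, reproduced with the Python standard library alone, next to a validation helper that accepts either a string or a `uuid.UUID`. This is an added example, not gremlinpython code and not the project's fix; `reproduce_reported_error` and `normalize_request_id` are hypothetical names, and the sample UUID string is constructed.

```python
import uuid


def reproduce_reported_error(request_id):
    """Validate the way the quoted line does; return the error text, or None."""
    try:
        # uuid.UUID() expects a string as its first argument and calls
        # .replace() on it, so passing a uuid.UUID instance fails here.
        uuid.UUID(request_id)
    except AttributeError as exc:
        return str(exc)
    return None


def normalize_request_id(request_id):
    """Return the canonical UUID string for a str or uuid.UUID request id.

    Hypothetical helper: anything that is not a well-formed UUID is
    rejected before it would be serialized and sent to the server.
    """
    if isinstance(request_id, uuid.UUID):
        return str(request_id)
    if isinstance(request_id, str):
        # Raises ValueError for malformed input such as "not-a-uuid".
        return str(uuid.UUID(request_id))
    raise TypeError(
        "requestId must be str or uuid.UUID, got %s" % type(request_id).__name__
    )


if __name__ == "__main__":
    rid = uuid.uuid1()
    print("validation as quoted:", reproduce_reported_error(rid))
    print("normalized UUID object:", normalize_request_id(rid))
    # Constructed sample value, upper-case on purpose.
    print("normalized string:",
          normalize_request_id("12345678-ABCD-5678-1234-567812345678"))
```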