[jira] [Updated] (TINKERPOP-3050) security vulnerability in logback-core
[ https://issues.apache.org/jira/browse/TINKERPOP-3050?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tal Ron updated TINKERPOP-3050: --- Priority: Major (was: Critical) > security vulnerability in logback-core > --- > > Key: TINKERPOP-3050 > URL: https://issues.apache.org/jira/browse/TINKERPOP-3050 > Project: TinkerPop > Issue Type: Bug > Components: console >Affects Versions: 3.6.6 >Reporter: Tal Ron >Priority: Major > > used logback-core version is: 1.2.11- > [CVE-2023-6378|https://github.com/advisories/GHSA-vmq6-5m68-f53m] > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6378] > > [https://github.com/advisories/GHSA-vmq6-5m68-f53m] > I see that even latest v1.2.13 has security issue: > [https://mvnrepository.com/artifact/ch.qos.logback/logback-core] > 1.3.12, 1.3.14, 1.4.12 and latest 1.4.14 are currently safe > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (TINKERPOP-3053) security vulnerability in netty-codec-http2
[ https://issues.apache.org/jira/browse/TINKERPOP-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tal Ron updated TINKERPOP-3053: --- Component/s: console > security vulnerability in netty-codec-http2 > --- > > Key: TINKERPOP-3053 > URL: https://issues.apache.org/jira/browse/TINKERPOP-3053 > Project: TinkerPop > Issue Type: Bug > Components: console >Affects Versions: 3.6.6 >Reporter: Tal Ron >Priority: Major > > version used is: netty-codec-http2-4.1.96.Final - GHSA-xpw8-rcwv-8f8p (dep: > [CVE-2023-4586|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4586]) > [https://github.com/advisories/GHSA-xpw8-rcwv-8f8p] > [https://mvnrepository.com/artifact/io.netty/netty-codec-http2] > affected versions: < 4.1.100.Final > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (TINKERPOP-3053) security vulnerability in netty-codec-http2
Tal Ron created TINKERPOP-3053: -- Summary: security vulnerability in netty-codec-http2 Key: TINKERPOP-3053 URL: https://issues.apache.org/jira/browse/TINKERPOP-3053 Project: TinkerPop Issue Type: Bug Affects Versions: 3.6.6 Reporter: Tal Ron version used is: netty-codec-http2-4.1.96.Final - GHSA-xpw8-rcwv-8f8p (dep: [CVE-2023-4586|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4586]) [https://github.com/advisories/GHSA-xpw8-rcwv-8f8p] [https://mvnrepository.com/artifact/io.netty/netty-codec-http2] affected versions: < 4.1.100.Final -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (TINKERPOP-3050) severity security vulnerability in logback-core
Tal Ron created TINKERPOP-3050: -- Summary: severity security vulnerability in logback-core Key: TINKERPOP-3050 URL: https://issues.apache.org/jira/browse/TINKERPOP-3050 Project: TinkerPop Issue Type: Bug Components: console Affects Versions: 3.6.6 Reporter: Tal Ron used logback-core version is: 1.2.11- [CVE-2023-6378|https://github.com/advisories/GHSA-vmq6-5m68-f53m] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6378] [https://github.com/advisories/GHSA-vmq6-5m68-f53m] I see that even latest v1.2.13 has security issue: [https://mvnrepository.com/artifact/ch.qos.logback/logback-core] 1.3.12, 1.3.14, 1.4.12 and latest 1.4.14 are currently safe -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (TINKERPOP-3052) security vulnerability in ivy
Tal Ron created TINKERPOP-3052: -- Summary: security vulnerability in ivy Key: TINKERPOP-3052 URL: https://issues.apache.org/jira/browse/TINKERPOP-3052 Project: TinkerPop Issue Type: Bug Components: console Affects Versions: 3.6.6 Reporter: Tal Ron used version is: 2.5.1 - [CVE-2022-46751|https://github.com/advisories/GHSA-2jc4-r94c-rp7h] [https://mvnrepository.com/artifact/org.apache.ivy/ivy] 2.5.2 is safe -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (TINKERPOP-3050) security vulnerability in logback-core
[ https://issues.apache.org/jira/browse/TINKERPOP-3050?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tal Ron updated TINKERPOP-3050: --- Summary: security vulnerability in logback-core (was: severity security vulnerability in logback-core ) > security vulnerability in logback-core > --- > > Key: TINKERPOP-3050 > URL: https://issues.apache.org/jira/browse/TINKERPOP-3050 > Project: TinkerPop > Issue Type: Bug > Components: console >Affects Versions: 3.6.6 >Reporter: Tal Ron >Priority: Critical > > used logback-core version is: 1.2.11- > [CVE-2023-6378|https://github.com/advisories/GHSA-vmq6-5m68-f53m] > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6378] > > [https://github.com/advisories/GHSA-vmq6-5m68-f53m] > I see that even latest v1.2.13 has security issue: > [https://mvnrepository.com/artifact/ch.qos.logback/logback-core] > 1.3.12, 1.3.14, 1.4.12 and latest 1.4.14 are currently safe > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (TINKERPOP-3051) security vulnerability in logback-classic
Tal Ron created TINKERPOP-3051: -- Summary: security vulnerability in logback-classic Key: TINKERPOP-3051 URL: https://issues.apache.org/jira/browse/TINKERPOP-3051 Project: TinkerPop Issue Type: Bug Components: console Affects Versions: 3.6.6 Reporter: Tal Ron logback-classic version used is: 1.2.11 - [CVE-2023-6378|https://github.com/advisories/GHSA-vmq6-5m68-f53m] [https://mvnrepository.com/artifact/ch.qos.logback/logback-classic] 1.3.12 - 1.3.14, 1.4.12 - 1.4.14 are safe -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (TINKERPOP-3054) RequestId serialization broken in Python GLV
Valentyn Kahamlyk created TINKERPOP-3054: Summary: RequestId serialization broken in Python GLV Key: TINKERPOP-3054 URL: https://issues.apache.org/jira/browse/TINKERPOP-3054 Project: TinkerPop Issue Type: Improvement Components: python Affects Versions: 3.7.1, 3.6.6 Reporter: Valentyn Kahamlyk `g.with_('requestId', uuid.uuid1()).V().count().toList()` failed with error `AttributeError: 'UUID' object has no attribute 'replace'` in line `uuid.UUID(request_id) # Checks for proper UUID or else server will return an error.` -- This message was sent by Atlassian Jira (v8.20.10#820010)