arrow-dev mailing list archives

From "Matt Darwin (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ARROW-1240) security: upgrade logback to address CVE-2017-5929
Date Thu, 20 Jul 2017 08:40:01 GMT
Matt Darwin created ARROW-1240:
----------------------------------

             Summary: security: upgrade logback to address CVE-2017-5929
                 Key: ARROW-1240
                 URL: https://issues.apache.org/jira/browse/ARROW-1240
             Project: Apache Arrow
          Issue Type: Bug
          Components: Java - Memory
    Affects Versions: 0.5.0
            Reporter: Matt Darwin


logback versions before 1.2.0 are affected by "a rather severe serialization vulnerability
in SocketServer and ServerSocketReceiver".

We should upgrade logback from 1.0.13 to the latest version (currently 1.2.3) in order to
address this.

See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929
and 
https://logback.qos.ch/news.html



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
