druid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Wei <jon...@apache.org>
Subject [CANCEL][VOTE] Release Apache Druid 0.20.0 [RC1]
Date Thu, 08 Oct 2020 00:46:34 GMT
Building from source now fails due to a newly updated CVE:
https://nvd.nist.gov/vuln/detail/CVE-2018-11765, so I'm canceling RC1 and
will make RC2 once this is fixed.

[ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.3.2:check
(default) on project druid-kerberos:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that
have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] hadoop-auth-2.8.5.jar: CVE-2018-11765
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.3.2:check
(default) on project ambari-metrics-emitter:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that
have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] hadoop-annotations-2.8.5.jar: CVE-2018-11765
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message