ignite-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (IGNITE-8471) Apache ignite for .NET has security vulnerabilities
Date Fri, 11 May 2018 17:45:00 GMT

    [ https://issues.apache.org/jira/browse/IGNITE-8471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16472339#comment-16472339
] 

ASF GitHub Bot commented on IGNITE-8471:
----------------------------------------

GitHub user agura opened a pull request:

    https://github.com/apache/ignite/pull/3984

    IGNITE-8471 Dependencies upgraded

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/agura/incubator-ignite ignite-8471

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/ignite/pull/3984.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #3984
    
----
commit 50c69ace2834a2ed6cbb4d828ee75a0dc157e208
Author: Andrey Gura <agura@...>
Date:   2018-05-11T17:41:30Z

    IGNITE-8471 Dependencies upgraded

----


> Apache ignite for .NET has security vulnerabilities
> ---------------------------------------------------
>
>                 Key: IGNITE-8471
>                 URL: https://issues.apache.org/jira/browse/IGNITE-8471
>             Project: Ignite
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.4
>            Reporter: Harendra Rai
>            Assignee: Andrey Gura
>            Priority: Major
>             Fix For: 2.5
>
>
> There are two security vulnerabilities in the latest 2.4.0 version.
>  # commons-beanutils-1.8.3.jar.  Here is the vulnerability id CVE-2014-0114 :  [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114]
> *Resolution to this issue is*: All Commons BeanUtils users should upgrade to the latest
version >= commons-beanutils-1.9.2
>  # commons-codec-1.6.jar: Here is the vulnerability detail https://issues.apache.org/jira/browse/CODEC-96
> *Resolution* *to this issue is:* To upgrade to the latest available Version 1.11



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message