kylin-issues mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KYLIN-3372) Upgrade jackson-databind version due to security concerns
Date Tue, 29 May 2018 03:06:00 GMT

    [ https://issues.apache.org/jira/browse/KYLIN-3372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16493043#comment-16493043 ]

ASF GitHub Bot commented on KYLIN-3372:
---------------------------------------

codecov-io commented on issue #144: KYLIN-3372 upgrade jackson databind version to 2.9.5
URL: https://github.com/apache/kylin/pull/144#issuecomment-392640151
 
 
   # [Codecov](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=h1) Report
   > Merging [#144](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=desc) into [master](https://codecov.io/gh/apache/kylin/commit/2b1e9f4b965a47dde999eca073bdbf49eecdb63d?src=pr&el=desc) will **increase** coverage by `0.02%`.
   > The diff coverage is `n/a`.
   
   ```diff
   @@             Coverage Diff              @@
   ##             master     #144      +/-   ##
   ============================================
   + Coverage     21.83%   21.85%   +0.02%     
   - Complexity     3888     3889       +1     
   ============================================
     Files           985      985              
     Lines         59716    59716              
     Branches       8623     8623              
   ============================================
   + Hits          13039    13052      +13     
   + Misses        45459    45452       -7     
   + Partials       1218     1212       -6
   ```
   
   
   | [Impacted Files](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=tree) | Coverage Δ | Complexity Δ | |
   |---|---|---|---|
   | [...a/org/apache/kylin/dict/Number2BytesConverter.java](https://codecov.io/gh/apache/kylin/pull/144/diff?src=pr&el=tree#diff-Y29yZS1kaWN0aW9uYXJ5L3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9reWxpbi9kaWN0L051bWJlcjJCeXRlc0NvbnZlcnRlci5qYXZh) | `82.53% <0%> (+0.79%)` | `18% <0%> (+1%)` | :arrow_up: |
   | [.../apache/kylin/cube/cuboid/TreeCuboidScheduler.java](https://codecov.io/gh/apache/kylin/pull/144/diff?src=pr&el=tree#diff-Y29yZS1jdWJlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9reWxpbi9jdWJlL2N1Ym9pZC9UcmVlQ3Vib2lkU2NoZWR1bGVyLmphdmE=) | `66.15% <0%> (+2.3%)` | `0% <0%> (ø)` | :arrow_down: |
   | [...rg/apache/kylin/cube/inmemcubing/MemDiskStore.java](https://codecov.io/gh/apache/kylin/pull/144/diff?src=pr&el=tree#diff-Y29yZS1jdWJlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9reWxpbi9jdWJlL2lubWVtY3ViaW5nL01lbURpc2tTdG9yZS5qYXZh) | `69.3% <0%> (+2.73%)` | `7% <0%> (ø)` | :arrow_down: |
   
   ------
   
   [Continue to review full report at Codecov](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=continue).
   > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)
   > `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
   > Powered by [Codecov](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=footer). Last update [2b1e9f4...12222c8](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Upgrade jackson-databind version due to security concerns
> ---------------------------------------------------------
>
>                 Key: KYLIN-3372
>                 URL: https://issues.apache.org/jira/browse/KYLIN-3372
>             Project: Kylin
>          Issue Type: Task
>            Reporter: Ted Yu
>            Assignee: Chao Long
>            Priority: Major
>             Fix For: v2.4.0
>
>
> * https://nvd.nist.gov/vuln/detail/CVE-2018-5968
> * https://nvd.nist.gov/vuln/detail/CVE-2018-7489
> * https://nvd.nist.gov/vuln/detail/CVE-2017-7525
> * https://nvd.nist.gov/vuln/detail/CVE-2017-17485
> * https://nvd.nist.gov/vuln/detail/CVE-2017-15095
> We should either remove the dependency or upgrade to version 2.8.11.1 or the latest, if possible.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
