druid

Commit Graph

Author	SHA1	Message	Date
zachjsh	74ac9151c9	Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444 (#9300 ) * Suppress netty 3 vulnerabilites and upgrade netty 4 version * Upgrade netty 4 version to fix vulnerabilities CVE-2019-20445 and CVE-2019-20444 * suppress these CVEs for netty 3 * * simplify suppression xml file * update licenses file with new version of netty * * fix type in licenses.yaml	2020-01-31 14:51:54 -08:00
Chi Cao Minh	b2877119d0	Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189 ) CVE-2019-20330 was updated on 14 Jan 2020, which now gets flagged by the security vulnerability scan. Since the CVE is for jackson-databind, via htrace-core-4.0.1, it can be added to the existing list of security vulnerability suppressions for that dependency.	2020-01-14 21:15:24 -08:00
Chi Cao Minh	af74acaa85	Address security vulnerabilities CVSS >= 7 (#8980 ) * Address security vulnerabilities CVSS >= 7 Update dependencies to address security vulnerabilities with CVSS scores of 7 or higher. A new Travis CI job is added to prevent new high/critical security vulnerabilities from being added. Updated dependencies: - api-util 1.0.0 -> 1.0.3 - jackson 2.9.10 -> 2.10.1 - kafka 2.1.0 -> 2.1.1 - libthrift 0.10.0 -> 0.13.0 - protobuf 3.2.0 -> 3.11.0 The following high/critical security vulnerabilities are currently suppressed (so that the new Travis CI job can be added now) and are left as future work to fix: - hibernate-validator:5.2.5 - jackson-mapper-asl:1.9.13 - libthrift:0.6.1 - netty:3.10.6 - nimbus-jose-jwt:4.41.1 * Rename EDL1 license file * Fix inspection errors	2019-12-05 14:34:35 -08:00

Author

SHA1

Message

Date

zachjsh

74ac9151c9

Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444 (#9300 )

* Suppress netty 3 vulnerabilites and upgrade netty 4 version

* Upgrade netty 4 version to fix vulnerabilities CVE-2019-20445
  and CVE-2019-20444
* suppress these CVEs for netty 3

* * simplify suppression xml file
* update licenses file with new version of netty

* * fix type in licenses.yaml

2020-01-31 14:51:54 -08:00

Chi Cao Minh

b2877119d0

Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189 )

CVE-2019-20330 was updated on 14 Jan 2020, which now gets flagged by the
security vulnerability scan. Since the CVE is for jackson-databind, via
htrace-core-4.0.1, it can be added to the existing list of security
vulnerability suppressions for that dependency.

2020-01-14 21:15:24 -08:00

Chi Cao Minh

af74acaa85

Address security vulnerabilities CVSS >= 7 (#8980 )

* Address security vulnerabilities CVSS >= 7

Update dependencies to address security vulnerabilities with CVSS scores
of 7 or higher. A new Travis CI job is added to prevent new
high/critical security vulnerabilities from being added.

Updated dependencies:
- api-util 1.0.0 -> 1.0.3
- jackson 2.9.10 -> 2.10.1
- kafka 2.1.0 -> 2.1.1
- libthrift 0.10.0 -> 0.13.0
- protobuf 3.2.0 -> 3.11.0

The following high/critical security vulnerabilities are currently
suppressed (so that the new Travis CI job can be added now) and are left
as future work to fix:
- hibernate-validator:5.2.5
- jackson-mapper-asl:1.9.13
- libthrift:0.6.1
- netty:3.10.6
- nimbus-jose-jwt:4.41.1

* Rename EDL1 license file

* Fix inspection errors

2019-12-05 14:34:35 -08:00

1 2

53 Commits