Chi Cao Minh
|
8365bdf62a
|
Address security vulnerabilities (#8878)
* Address security vulnerabilities
Security vulnerabilities addressed by upgrading 3rd party libs:
- Upgrade avro-ipc to 1.9.1
- sonatype-2019-0115
- Upgrade caffeine to 2.8.0
- sonatype-2019-0282
- Upgrade commons-beanutils to 1.9.4
- CVE-2014-0114
- Upgrade commons-codec to 1.13
- sonatype-2012-0050
- Upgrade commons-compress to 1.19
- CVE-2019-12402
- sonatype-2018-0293
- Upgrade hadoop-common to 2.8.5
- CVE-2018-11767
- Upgrade hadoop-mapreduce-client-core to 2.8.5
- CVE-2017-3166
- Upgrade hibernate-validator to 5.2.5
- CVE-2017-7536
- Upgrade httpclient to 4.5.10
- sonatype-2017-0359
- Upgrade icu4j to 55.1
- CVE-2014-8147
- Upgrade jackson-databind to 2.6.7.3:
- CVE-2017-7525
- Upgrade jetty-http to 9.4.12:
- CVE-2017-7657
- CVE-2017-7658
- CVE-2017-7656
- CVE-2018-12545
- Upgrade log4j-core to 2.8.2
- CVE-2017-5645:
- Upgrade netty to 3.10.6
- CVE-2015-2156
- Upgrade netty-common to 4.1.42
- CVE-2019-9518
- Upgrade netty-codec-http to 4.1.42
- CVE-2019-16869
- Upgrade nimbus-jose-jwt to 4.41.1
- CVE-2017-12972
- CVE-2017-12974
- Upgrade plexus-utils to 3.0.24
- CVE-2017-1000487
- sonatype-2015-0173
- sonatype-2016-0398
- Upgrade postgresql to 42.2.8
- CVE-2018-10936
Note that if users are using JDBC lookups with postgres, they may need
to update the JDBC jar used by the lookup extension.
* Fix license for postgresql
|
2019-11-19 09:14:33 -08:00 |