Apache Arrow / ARROW-1240

security: upgrade logback to address CVE-2017-5929


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.4.1
    • Fix Version/s: 0.6.0
    • Component/s: Java
    • Labels:
      None
    • Flags:
      Important

      Description

      logback versions before 1.2.0 are affected by "a rather severe serialization vulnerability in SocketServer and ServerSocketReceiver".

      We should upgrade logback from 1.0.13 to the latest version (currently 1.2.3) in order to address this.

      See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929
      and
      https://logback.qos.ch/news.html
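      A check for the condition described above, as an added example that is not part of the original issue or of Arrow's code base: it scans a Maven POM for `ch.qos.logback` dependencies older than 1.2.0, resolving `${property}` version references. The sample POM, the property name `dep.logback.version` and the function names are constructed for illustration, and the POM is assumed to use the standard Maven 4.0.0 namespace.

```python
import re
import xml.etree.ElementTree as ET

POM_NS = "http://maven.apache.org/POM/4.0.0"
NS = {"m": POM_NS}
FIXED = (1, 2, 0)  # the issue states that versions before 1.2.0 are affected
# Constructed sample POM, not Arrow's real pom.xml.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><dep.logback.version>1.0.13</dep.logback.version></properties>
  <dependencies>
    <dependency><groupId>ch.qos.logback</groupId>
      <artifactId>logback-classic</artifactId>
      <version>${dep.logback.version}</version></dependency>
    <dependency><groupId>ch.qos.logback</groupId>
      <artifactId>logback-core</artifactId>
      <version>1.2.3</version></dependency>
  </dependencies>
</project>"""

def parse_version(text):
    """'1.0.13' -> (1, 0, 13); qualifiers such as '-beta' are ignored. None if not numeric."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit_logback(pom_xml):
    """Return (artifactId, version, verdict) for each logback dependency not known to be fixed."""
    root = ET.fromstring(pom_xml)
    props = {el.tag.split("}")[-1]: (el.text or "").strip()
             for el in root.findall("m:properties/*", NS)}
    findings = []
    for dep in root.iter(f"{{{POM_NS}}}dependency"):
        if dep.findtext("m:groupId", "", NS).strip() != "ch.qos.logback":
            continue
        artifact = dep.findtext("m:artifactId", "", NS).strip()
        raw = dep.findtext("m:version", "", NS).strip()
        # Resolve ${property} references defined in this POM's <properties>.
        version = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), raw)
        parsed = parse_version(version)
        if parsed is None:  # inherited from a parent POM or an unresolved property
            findings.append((artifact, version or "(inherited)", "unknown"))
        elif parsed < FIXED:
            findings.append((artifact, version, "vulnerable"))
    return findings

if __name__ == "__main__":
    print(audit_logback(SAMPLE_POM))
```

      A verdict of "unknown" means the version is set outside the scanned file (for example in a parent POM) and has to be checked there.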


            People

            • Assignee:
              mdarwin Matt Darwin
            • Reporter:
              mdarwin Matt Darwin
            • Votes:
              0
            • Watchers:
              2
