[AVRO-3215] common-compress dependecy has security vulnerabilities - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.11.0
Component/s: None
Labels:
None

Description

Hi,

The latest apache avro version 1.10.2 has dependecy on org.apache.commons:commons-compress:1.20 which has security vulnerabilities. Please upgrade to org.apache.commons:commons-compress:1.21

Attachments

Issue Links

duplicates

AVRO-3213 Update commons-compress to version 1.21

Resolved

is duplicated by

AVRO-3227 Multiple CVEs via Apache Compress

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: Xavier

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 22/Sep/21 08:43

Updated:: 23/Nov/21 11:26

Resolved:: 22/Sep/21 09:06