[AVRO-3656] Vulnerabilities from dependencies - jackson-databind & commons-text - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.11.1
Fix Version/s: 1.12.0, 1.11.2
Component/s: None
Labels:
None

Description

Version 1.11.1 of avro-compiler contains the apache commons-text vulnerable library (1.9) &

Jackson-databind (2.12.7)

Vulnerabilities from dependencies:
CVE-2022-42889
CVE-2022-42004
CVE-2022-42003

Is there any plan to upgrade dependency and address this issue?

Attachments

Activity

People

Assignee:: Martin Tzvetanov Grigorov

Reporter:: Ragul

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 27/Oct/22 13:10

Updated:: 28/Oct/22 12:20

Resolved:: 28/Oct/22 07:20