[FLUME-3130] Upgrade restlet library dependency - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Critical
Resolution: Unresolved
Affects Version/s: 1.7.0
Fix Version/s: 1.8.1
Component/s: None
Labels:
- dependency

Description

Group	Artifact	Version used	Upgrade target
org.restlet.jee	org.restlet	2.1.1	2.3.10

Security vulnerability: http://www.cvedetails.com/vulnerability-list/vendor_id-12911/product_id-26316/Restlet-Restlet.html
Maven: https://mvnrepository.com/artifact/org.restlet.jee/org.restlet

Please do:

CVE might be a false alarm or mistake. Please double check.
double check the newest version.
consider to remove a dependency if better alternative is available.
check whether the lib change would introduce a backward incompatibility (in which case please add this label `breaking_change` and fix version should be the next major)

Excerpt from mvn dependency:tree

org.apache.flume.flume-ng-sinks:flume-ng-morphline-solr-sink:jar:1.8.0-SNAPSHOT
+- org.apache.solr:solr-test-framework:jar:4.3.0:test
|  +- org.apache.solr:solr-core:jar:4.3.0:compile
|  |  +- org.restlet.jee:org.restlet:jar:2.1.1:compile
|  |  +- org.restlet.jee:org.restlet.ext.servlet:jar:2.1.1:compile

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Attila Simon

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 19/Jul/17 15:41

Updated:: 12/Sep/17 13:19