[FLUME-3131] Upgrade spring framework library dependencies - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.7.0
Fix Version/s: 1.8.0
Component/s: None
Labels:
- dependency

Description

Group	Artifact	Version used	Upgrade target
org.springframework	spring-aop	3.0.7.RELEASE	4.3.9.RELEASE,
org.springframework	spring-context	3.0.7.RELEASE	4.3.9.RELEASE,
org.springframework	spring-core	3.0.7.RELEASE	4.3.9.RELEASE,

Security vulnerability: https://www.cvedetails.com/vulnerability-list/vendor_id-9664/product_id-17274/Springsource-Spring-Framework.html
Maven repositories:

Please do:

CVE might be a false alarm or mistake. Please double check.
double check the newest version.
consider to remove a dependency if better alternative is available.
check whether the lib change would introduce a backward incompatibility (in which case please add this label `breaking_change` and fix version should be the next major)

Excerpt from mvn dependency:tree

org.apache.flume.flume-ng-sources:flume-jms-source:jar:1.8.0-SNAPSHOT
\- org.apache.activemq:activemq-core:jar:5.7.0:provided
   +- org.springframework:spring-context:jar:3.0.7.RELEASE:provided
   |  +- org.springframework:spring-aop:jar:3.0.7.RELEASE:provided
   |  +- org.springframework:spring-beans:jar:3.0.7.RELEASE:provided
   |  +- org.springframework:spring-core:jar:3.0.7.RELEASE:provided
   |  +- org.springframework:spring-expression:jar:3.0.7.RELEASE:provided
   |  \- org.springframework:spring-asm:jar:3.0.7.RELEASE:provided

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

FLUME-3131.patch
20/Jul/17 23:26
1 kB
Ferenc Szabo
FLUME-3131-1.patch
23/Jul/17 11:02
1 kB
Ferenc Szabo

Issue Links

links to

GitHub Pull Request #153

Activity

People

Assignee:: Ferenc Szabo

Reporter:: Attila Simon

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 19/Jul/17 15:50

Updated:: 24/Aug/17 18:20

Resolved:: 24/Aug/17 18:20