[KAFKA-10414] Upgrade api-util dependency - CVE-2018-1337 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Not A Problem
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

There is a dependency on org.apache.directory.api:api-util:1.0.0, which is involved in CVE-2018-1337. The issue is fixed in api-util:1.0.2<=

This is a transitive dependency through the apacheds libs.

~~Can be fixed by upgrading to at least version 2.0.0.AM25~~

Since api-all is also a dependency, and there is a class collision between api-all and newer version of api-util, it is better to just upgrade api-util to 1.0.2

Attachments

Activity

People

Assignee:: Daniel Urban

Reporter:: Daniel Urban

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18/Aug/20 14:14

Updated:: 24/Aug/20 12:49

Resolved:: 24/Aug/20 12:49