Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug report] Verion of Jersey used 2.39.1 has a high severity CVE #1756

Closed
justinmclean opened this issue Jan 29, 2024 · 0 comments · Fixed by #1806
Closed

[Bug report] Verion of Jersey used 2.39.1 has a high severity CVE #1756

justinmclean opened this issue Jan 29, 2024 · 0 comments · Fixed by #1806
Assignees
@FANNG1
Labels
bug Something isn't working
Milestone
Gravitino 0.4.0

Comments

@justinmclean
Copy link
Member

Version

main branch

Describe what's wrong

See CVE-2014-3643 https://nvd.nist.gov/vuln/detail/CVE-2014-3643

Error message and/or stacktrace

N/A

How to reproduce

See CVE details/Jersey version.

Additional context

No response
@justinmclean justinmclean added the bug Something isn't working label Jan 29, 2024
@jerryshao jerryshao added this to the Gravitino 0.4.0 milestone Jan 31, 2024
@FANNG1 FANNG1 mentioned this issue Jan 31, 2024
Merged
jerryshao pushed a commit that referenced this issue Jan 31, 2024
@FANNG1
[#1756] fix(core): update jersery from 2.39 to 2.41 (#1806)
fb583ee 
### What changes were proposed in this pull request?
update jersery from 2.39 to 2.41 to fix CVE
update metrics to fix package conflict.

### Why are the changes needed?
Fix: #1756 

### Does this PR introduce _any_ user-facing change?
no

### How was this patch tested?
existing test
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@FANNG1 FANNG1

Labels
bug Something isn't working
Projects
None yet
Milestone
Gravitino 0.4.0
Development

Successfully merging a pull request may close this issue.

[#1756] fix(core): update jersery from 2.39 to 2.41 FANNG1/gravitino
3 participants
@justinmclean @jerryshao @FANNG1