Uploaded image for project: 'Apache Avro'
  1. Apache Avro
  2. AVRO-2865

Security vulnerability caused by plexus-utils:1.5.6

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.9.2
    • 1.10.0
    • None
    • None

    Description

      According to X-Ray scanning of our dependencies, the current version of the maven avro plugin is due to the old plexus-utils version vulnerable to CVE-2017-1000487 and https://github.com/codehaus-plexus/plexus-utils/issues/3

       

      Both have a high severity and can be solved by upgrading plexus-utils to > 3.0.23.

      Could you please consider this in a potential new version?
      Thanks

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. AVRO-2710 Upgrade Avro Maven Plugin to 3.X

          • Major - Major loss of function.
          • Closed
          links to

          Web Link https://github.com/apache/avro/pull/919

          Activity

            People

              rskraba Ryan Skraba
              heisigh Hans Heisig
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: