ZaNksC opened a new issue, #49249:
URL: https://github.com/apache/doris/issues/49249
带有漏洞的安全组件为 `log4j` 、`Apache Commons Collections` 、 `jackson-databind`
期望在下一个发行版本中修复,请问是否有修复计划。
1. log4j
- 版本:2.6.2
- 部分高危漏洞列表:
-
[CVE-2021-44228(Log4Shell)](https://nvd.nist.gov/vuln/detail/cve-2021-44228)
- [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046)
- [CVE-2021-45105](https://nvd.nist.gov/vuln/detail/CVE-2021-45105)
2. Apache Commons Collections
- 版本:3.2.1
- 部分高危漏洞列表:
- [CVE-2015-7501](https://nvd.nist.gov/vuln/detail/CVE-2015-7501)
- [CVE-2016-2518](https://nvd.nist.gov/vuln/detail/CVE-2016-2518)
2. jackson-databind
- 版本:2.12.7.2
- 部分高危漏洞列表:
- [CVE-2020-25649](https://nvd.nist.gov/vuln/detail/CVE-2020-25649)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org
