apache/incubator-datalab

There is a vulnerability in dropwizard 1.3.2,upgrade recommended

QiAnXinCodeSafe opened this issue 4 years ago · 1 comments

QiAnXinCodeSafe commented 4 years ago

incubator-datalab/pom.xml

Line 72 in 423fa3a

<io.dropwizard.version>1.3.2</io.dropwizard.version>

CVE-2020-5245 CVE-2020-11002

Recommended upgrade version：1.3.21

pjfanning commented 2 years ago

this is updated in master - https://github.com/apache/incubator-datalab/blob/master/services/billing-aws/pom.xml