resolve multiple CVEs #15407
@abhishekagarwal87
… license, update licenses and suppressions
Cannot update elasticsearch to CVE-2023-31418 CVE-2021-22134 CVE-2021-22135 CVE-2021-22144 CVE-2023-31417 CVE-2023-31419 CVE-2023-46673
closing this PR as it's being addressed with a series of smaller efforts.
Fixes # Multiple CVEs in dependencies.
Description
Update multiple dependencies to clear CVEs
Update docker-java-bom to 3.3.4 and kubernetes-client to 19.0.0 to move away from bcprov-jdk15 to address: CVE-2023-33201
Update dropwizard-metrics to 4.2.22 to address CVE-2023-46120 in com.rabbitmq:amqp-client
Update avro to 1.11.3 to resolve CVE-2023-39410
Update jackson-databind to 2.12.7.1 to resolve CVE-2022-42003 CVE-2022-42004
Update ant to 1.10.14 to resolve CVE-2020-11979 CVE-2020-1945 CVE-2021-36373 CVE-2021-36374
Update commons-compress to resolve CVE-2023-42503
Update jose4j to 0.9.3 to resolve CVE-2023-31582 GHSA-jgvc-jfgh-rjvv
Update kotlin-stdlib to 1.4.21 to resolve CVE-2020-29582
Update kafka-client-schema-registry to 6.2.12
Update woodstox-core to 6.4.0 to address CVE-2022-40152
Update aws-java-sdk-bundle to 1.12.497 to remove CVE regressions introduced by ranger update
This PR has: