[https://issues.apache.org/jira/browse/CASSANDRA-18389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17707907#comment-17707907]
Brandon Williams edited comment on CASSANDRA-18389 at 4/3/23 10:37 AM:
-----------------------------------------------------------------------
bq. I wonder if we could think of some way to make a build fail when sbdy tried
to use an offending method in the future
That would be checkstyle I think, where we already ban incompatible methods.
Doing this to prevent future vulnerability exposure sounds pretty YAGNI to me
though, if there is such a risk we should fix the root cause and upgrade the
lib.
I think the vast majority won't be in that category though, here for instance
we have to be converting xml to json, something we'd just (hopefully) never
need to do.
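The checkstyle-based ban the comment refers to would look roughly like the fragment below. This is an added illustration, not Cassandra's own checkstyle configuration, and the banned call `XmlToJsonConverter.convert(` is a hypothetical placeholder standing in for whatever offending method a project wanted to keep out of its build.

```xml
<?xml version="1.0"?>
<!DOCTYPE module PUBLIC
    "-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
    "https://checkstyle.org/dtds/configuration_1_3.dtd">
<module name="Checker">
  <module name="TreeWalker">
    <!-- Fail the build on any source line that calls the banned method.
         The class/method name here is a hypothetical placeholder. -->
    <module name="RegexpSinglelineJava">
      <property name="format" value="\bXmlToJsonConverter\.convert\s*\("/>
      <property name="ignoreComments" value="true"/>
      <property name="message"
                value="XmlToJsonConverter.convert() is banned; see CASSANDRA-18389"/>
    </module>
  </module>
</module>
```

With checkstyle's default severity of `error`, a match fails the check task rather than only warning.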
> jackson-core-2.13.2.jar vulnerability: CVE-2022-45688
> -----------------------------------------------------
>
> Key: CASSANDRA-18389
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18389
> Project: Cassandra
> Issue Type: Bug
> Components: Dependencies
> Reporter: Brandon Williams
> Assignee: Brandon Williams
> Priority: Normal
> Fix For: 3.11.x, 4.0.x, 4.1.x, 5.x
>
>
> This is currently failing in the OWASP scan.