[jira] [Created] (HUDI-3819) upgrade spring cve-2022-22965

Jason-Morries Adam (Jira) Thu, 07 Apr 2022 05:36:04 -0700

Jason-Morries Adam created HUDI-3819:
----------------------------------------


             Summary: upgrade spring cve-2022-22965
                 Key: HUDI-3819
                 URL: https://issues.apache.org/jira/browse/HUDI-3819
             Project: Apache Hudi
          Issue Type: Bug
          Components: cli
    Affects Versions: 0.10.1
            Reporter: Jason-Morries Adam
             Fix For: 0.11.0


We should upgrade the Spring Framework version at Hudi CLI because of 
cve-2022-22965. The Qualys Scanner finds these packages and raises a warning 
because of the existence of these files on the system. 

The found files are:
/usr/lib/hudi/cli/lib/spring-beans-4.2.4.RELEASE.jar 
/usr/lib/hudi/cli/lib/spring-core-4.2.4.RELEASE.jar

More Information: 
Spring Framework: https://spring.io/projects/spring-framework
Spring project spring-framework release notes: 
https://github.com/spring-projects/spring-framework/releases
CVE-2022-22965: https://tanzu.vmware.com/security/cve-2022-22965



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (HUDI-3819) upgrade spring cve-2022-22965

Reply via email to