Matt Darwin created ARROW-1240:
----------------------------------

             Summary: security: upgrade logback to address CVE-2017-5929
                 Key: ARROW-1240
                 URL: https://issues.apache.org/jira/browse/ARROW-1240
             Project: Apache Arrow
          Issue Type: Bug
          Components: Java - Memory
    Affects Versions: 0.5.0
            Reporter: Matt Darwin

logback versions before 1.2.0 are affected by "a rather severe serialization vulnerability in SocketServer and ServerSocketReceiver". We should upgrade logback from 1.0.13 to the latest version (currently 1.2.3) in order to address this.

See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929 and https://logback.qos.ch/news.html