Solving security vulnerabilities in the dependencies of opentsdb #2262
Labels
security
Security related fix or enhancement
Comments
|
It's a bit of a pain for the 2.x branches. You have to edit the |
manolama
added a commit
to manolama/opentsdb
that referenced
this issue
Dec 23, 2022
|
Thanks for the quick turnaround. Looking forward for more updates. |
manolama
added a commit
to manolama/opentsdb
that referenced
this issue
Jan 3, 2023
WARNING: The minimum JDK is now version 8 due to Jackson. Fix the Json serializer to explicitly write nulls due to API changes in Jackson.
manolama
added a commit
to manolama/opentsdb
that referenced
this issue
Jan 3, 2023
WARNING: The minimum JDK is now version 8 due to Jackson. Fix the Json serializer to explicitly write nulls due to API changes in Jackson.
manolama
added a commit
to manolama/opentsdb
that referenced
this issue
Jan 3, 2023
WARNING: The minimum JDK is now version 8 due to Jackson. Fix the Json serializer to explicitly write nulls due to API changes in Jackson.
manolama
added a commit
to manolama/opentsdb
that referenced
this issue
Jan 3, 2023
WARNING: The minimum JDK is now version 8 due to Jackson. Fix the Json serializer to explicitly write nulls due to API changes in Jackson.
manolama
added a commit
to manolama/opentsdb
that referenced
this issue
Jan 3, 2023
WARNING: The minimum JDK is now version 8 due to Jackson. Fix the Json serializer to explicitly write nulls due to API changes in Jackson.
manolama
added a commit
to manolama/opentsdb
that referenced
this issue
Jan 3, 2023
WARNING: The minimum JDK is now version 8 due to Jackson. Fix the Json serializer to explicitly write nulls due to API changes in Jackson. Ignore a couple of histogram generating data files.
manolama
added a commit
that referenced
this issue
Jan 3, 2023
WARNING: The minimum JDK is now version 8 due to Jackson. Fix the Json serializer to explicitly write nulls due to API changes in Jackson. Ignore a couple of histogram generating data files.
|
Some of these are updated now. Others like Netty, Guave and Protobuf are pretty complicated. I'll see what I can do with those. |
|
Thanks for the update, I shall be integrating the new changes and testing it out. Looking forward for updates on the remaining packages. |
|
Hi @manolama, Could you please let me know if there has been any progress on this and when I can expect to receive an update? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In my company, we are using OpenTSDB. Our primary concern right now is to solve the security vulnerabilities in the software which we are using. I have listed down the vulnerable packages below. Please suggest me how to upgrade those packages to the latest version in OpenTSDB?
ch.qos.logback:logback-core
commons-collections:commons-collections
ch.qos.logback:logback-classic
com.fasterxml.jackson.core:jackson-databind
com.google.protobuf:protobuf-java
org.apache.zookeeper:zookeeper
org.apache.httpcomponents:httpclient
net.sourceforge.htmlunit:htmlunit
io.netty:netty
com.google.guava:guava
commons-io:commons-io
commons-codec:commons-codec
junit:junit
The text was updated successfully, but these errors were encountered: