beam-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Work logged] (BEAM-3873) Current version of commons-compress is DOS vulnerable CVE-2018-1324
Date Sun, 18 Mar 2018 11:14:00 GMT


ASF GitHub Bot logged work on BEAM-3873:

                Author: ASF GitHub Bot
            Created on: 18/Mar/18 11:13
            Start Date: 18/Mar/18 11:13
    Worklog Time Spent: 10m 
      Work Description: iemejia opened a new pull request #4889: [BEAM-3873] Current version
of commons-compress is DOS vulnerable CVE-2018-1324
   Follow this checklist to help us incorporate your contribution quickly and easily:
    - [ ] Make sure there is a [JIRA issue](
filed for the change (usually before you start working on it).  Trivial changes like typos
do not require a JIRA issue.  Your pull request should address just this issue, without pulling
in other changes.
    - [ ] Format the pull request title like `[BEAM-XXX] Fixes bug in ApproximateQuantiles`,
where you replace `BEAM-XXX` with the appropriate JIRA issue.
    - [ ] Write a pull request description that is detailed enough to understand:
      - [ ] What the pull request does
      - [ ] Why it does it
      - [ ] How it does it
      - [ ] Why this approach
    - [ ] Each commit in the pull request should have a meaningful subject line and body.
    - [ ] Run `mvn clean verify` to make sure basic checks pass. A more thorough check will
be performed on your pull request automatically.
    - [ ] If this contribution is large, please file an Apache [Individual Contributor License

This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:

Issue Time Tracking

            Worklog Id:     (was: 81640)
            Time Spent: 10m
    Remaining Estimate: 0h

> Current version of commons-compress is DOS vulnerable CVE-2018-1324
> -------------------------------------------------------------------
>                 Key: BEAM-3873
>                 URL:
>             Project: Beam
>          Issue Type: Bug
>          Components: build-system, sdk-java-core
>    Affects Versions: 2.3.0, 2.4.0
>            Reporter: Ismaël Mejía
>            Assignee: Ismaël Mejía
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
> The commons-compress version of the library used by Beam has a security vulnerability.
For more details see [CVE-2018-1324|]

This message was sent by Atlassian JIRA

View raw message