Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CVE-2017-1000487 alert for thrift 0.14.1 #11634

Merged
merged 1 commit into from
Aug 8, 2022
Merged

Fix CVE-2017-1000487 alert for thrift 0.14.1 #11634

merged 1 commit into from
Aug 8, 2022

Conversation

xumia
Copy link
Collaborator

@xumia xumia commented Aug 5, 2022
edited
Loading

Why I did it

Fix CVE-2017-1000487 alert in thrift 0.14.1.
See https://nvd.nist.gov/vuln/detail/CVE-2017-1000487

How I did it

Change the version of org.codehaus.plexus:plexus-utils from 3.0.14 to 3.0.16.

How to verify it

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111
  • 202205

Description for the changelog

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

@xumia xumia requested a review from lguohan as a code owner August 5, 2022 08:01
@xumia xumia requested a review from richardyu-ms August 5, 2022 08:06
@xumia xumia added the Request for 202111 Branch For PRs being requested for 202111 branch label Aug 5, 2022
@xumia xumia merged commit 89772b6 into sonic-net:master Aug 8, 2022
@xumia xumia deleted the fix-CVE-2017-1000487 branch August 8, 2022 04:48
yxieca pushed a commit that referenced this pull request Aug 8, 2022
@xumia @yxieca
Fix CVE-2017-1000487 alert for thrift 0.14.1 (#11634)
9fd05ce 
Why I did it
Fix CVE-2017-1000487 alert in thrift 0.14.1.
See https://nvd.nist.gov/vuln/detail/CVE-2017-1000487

How I did it
Change the version of org.codehaus.plexus:plexus-utils from 3.0.14 to 3.0.16.
skbarista pushed a commit to skbarista/sonic-buildimage that referenced this pull request Aug 17, 2022
@xumia @skbarista
Fix CVE-2017-1000487 alert for thrift 0.14.1 (sonic-net#11634)
a79da18 
Why I did it
Fix CVE-2017-1000487 alert in thrift 0.14.1.
See https://nvd.nist.gov/vuln/detail/CVE-2017-1000487

How I did it
Change the version of org.codehaus.plexus:plexus-utils from 3.0.14 to 3.0.16.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richardyu-ms richardyu-ms richardyu-ms approved these changes

@lguohan lguohan Awaiting requested review from lguohan lguohan is a code owner

Assignees
No one assigned
Labels
Included in 202205 Branch Request for 202111 Branch For PRs being requested for 202111 branch Request for 202205 Branch Security 🛡️
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@xumia @richardyu-ms @yxieca