Bumped up the Dropdown Wizard to address the Security Vulnerabilities #3051
Open
rangansa wants to merge 1 commit into MarquezProject:main from
Signed-off-by: meena010 <meena.bsc2009@gmail.com>
Thanks for opening your first pull request in the Marquez project! Please check out our contributing guidelines (https://github.com/MarquezProject/marquez/blob/main/CONTRIBUTING.md).
❌ Deploy Preview for peppy-sprite-186812 failed.
rangansa commented Apr 6, 2025
@wslulciuc - Can you please review my changes? Thanks.
Problem
The current versions of several Dropwizard components contain known security vulnerabilities, including CVE-2024-6763. To mitigate these risks and ensure the application remains secure, it is necessary to upgrade the affected Dropwizard libraries to version 4.0.13. This upgrade addresses high and critical severity issues, enhancing the overall security posture of the system.
Issue: #3040
Solution
The following JARs need to be upgraded to address the high and critical security vulnerabilities:
io.dropwizard:dropwizard-logging
Upgrade the version to 4.0.13 [https://mvnrepository.com/artifact/io.dropwizard/dropwizard-logging/4.0.13]
io.dropwizard:dropwizard-request-logging
Upgrade the version to 4.0.13 [https://mvnrepository.com/artifact/io.dropwizard/dropwizard-request-logging/4.0.13]
CVE-2024-6763 - Low Priority (3.7) and can be ignored for now
io.dropwizard:dropwizard-json-logging
Upgrade the version to 4.0.13 [https://mvnrepository.com/artifact/io.dropwizard/dropwizard-json-logging/4.0.13]
CVE-2024-6763 - Low Priority (3.7) and can be ignored for now
io.dropwizard:dropwizard-http2
Upgrade the version to 4.0.13 [https://mvnrepository.com/artifact/io.dropwizard/dropwizard-http2/4.0.13]
CVE-2024-6763 - Low Priority (3.7) and can be ignored for now
One-line summary: Dropwizard version has been upgraded to handle security vulnerability issues.
Checklist
CHANGELOG.md (Depending on the change, this may not be necessary).
.sql database schema migration according to Flyway's naming convention (if relevant)
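A check that the bump took effect across transitive dependencies, as an added example that is not part of the pull request or the Marquez code base: assuming a Gradle build, it scans `gradle dependencies` output for the four artifacts listed above and reports any that still resolve below 4.0.13. The sample tree, its version numbers and `com.example:legacy-plugin` are constructed for illustration.

```python
import re

# Artifacts and target version as listed in the pull request description.
TARGET = "4.0.13"
ARTIFACTS = {
    "dropwizard-logging",
    "dropwizard-request-logging",
    "dropwizard-json-logging",
    "dropwizard-http2",
}

# One node of a Gradle dependency tree, for example:
#   +--- io.dropwizard:dropwizard-logging:2.1.12 -> 4.0.13 (*)
NODE = re.compile(
    r"io\.dropwizard:(?P<name>[\w.-]+)"
    r"(?::(?P<declared>[\w.-]+))?"
    r"(?:\s*->\s*(?P<resolved>[\w.-]+))?"
)

# Constructed sample output (not taken from the Marquez build).
SAMPLE_TREE = """\
runtimeClasspath - Runtime classpath of source set 'main'.
+--- io.dropwizard:dropwizard-core:4.0.13
|    +--- io.dropwizard:dropwizard-logging:4.0.13
|    \\--- io.dropwizard:dropwizard-request-logging:4.0.13
+--- io.dropwizard:dropwizard-json-logging:2.1.12 -> 4.0.13
\\--- com.example:legacy-plugin:1.0
     \\--- io.dropwizard:dropwizard-http2:4.0.7
"""


def version_key(version):
    """Turn '4.0.13' into (4, 0, 13); non-numeric parts sort lowest."""
    return tuple(int(p) if p.isdigit() else -1 for p in version.split("."))


def find_stale(tree_text, target=TARGET):
    """Return {artifact: resolved_version} for listed artifacts below target."""
    stale = {}
    for line in tree_text.splitlines():
        m = NODE.search(line)
        if not m or m.group("name") not in ARTIFACTS:
            continue
        # "declared -> resolved" means Gradle changed the version;
        # the resolved one is what ends up on the classpath.
        resolved = m.group("resolved") or m.group("declared")
        if resolved and version_key(resolved) < version_key(target):
            stale[m.group("name")] = resolved
    return stale
```

On the sample tree, `find_stale(SAMPLE_TREE)` flags only `dropwizard-http2`, which a transitive dependency still pins below the target.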