Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Loading
Loading status checks…
pending-upstream-fix advisory for tez: GHSA-pr98-23f8-jwxv
Browse files Browse the repository at this point in the history 
Signed-off-by: Mark McCormick <[email protected]>
@mamccorm
mamccorm committed Jan 17, 2025

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
1 parent 1ab1f83 commit 31ab236
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions tez.advisories.yaml
View file
Original file line number Diff line number Diff line change
@@ -125,6 +125,13 @@ advisories:
componentType: java-archive
componentLocation: /usr/share/java/tez/lib/logback-core-1.2.10.jar
scanner: grype
- timestamp: 2025-01-17T20:11:12Z
type: pending-upstream-fix
data:
note: |
logback-core is brought in as a transitive dependency.
Attempts to patch pom.xml were not successful in remediating this CVE.
Pending fix from upstream.
- id: CGA-459v-8fm2-rw72
aliases:

0 comments on commit 31ab236

Please sign in to comment.