
Security Vulnerabilities Fixes

Open rangansa opened this issue 8 months ago • 2 comments

The dependencies org.eclipse.parsson:parsson, ch.qos.logback:logback-core, and org.eclipse.jetty.http2:http2-common have been identified as sources of security vulnerabilities in OpenSearch, which is integrated into Marquez.

To mitigate these vulnerabilities, please upgrade OpenSearch to a newer version that addresses these issues and release an updated version of Marquez Image.

rangansa • Mar 24 '25 02:03

Thanks for opening your first issue in the Marquez project! Please be sure to follow the issue template!

boring-cyborg[bot] • Mar 24 '25 02:03

@wslulciuc - Can you please review and provide the necessary feedback? Note, I see OpenSearch has been bumped up to 2.16.0 in the main branch, which will fix the parsson issue; however, the other two might need updated versions of logback-core and http2-common in the OpenSearch repository.

rangansa • Mar 24 '25 02:03