Apache Ignite 2.7.0 发布了,这是一个安全更新版本。
此版本替换了以下依赖项以避免用户受到第三方软件攻击:
Apache Log4j https://nvd.nist.gov/vuln/detail/CVE-2017-5645 FasterXML jackson-databind https://nvd.nist.gov/vuln/detail/CVE-2017-15095 , https://nvd.nist.gov/vuln/detail/CVE-2017-17485 , https://nvd.nist.gov/vuln/detail/CVE-2017-7525 , https://nvd.nist.gov/vuln/detail/CVE-2018-5968 , https://nvd.nist.gov/vuln/detail/CVE-2018-7489 Scala https://nvd.nist.gov/vuln/detail/CVE-2017-15288 Apache Commons https://nvd.nist.gov/vuln/detail/CVE-2015-6420 , https://nvd.nist.gov/vuln/detail/CVE-2015-7501 , https://nvd.nist.gov/vuln/detail/CVE-2017-15708 Netty Project https://nvd.nist.gov/vuln/detail/CVE-2016-4970 JCraft https://nvd.nist.gov/vuln/detail/CVE-2016-5725 Apache Tomcat https://nvd.nist.gov/vuln/detail/CVE-2016-3092 , https://nvd.nist.gov/vuln/detail/CVE-2016-8735 , https://nvd.nist.gov/vuln/detail/CVE-2018-8014 Guava https://nvd.nist.gov/vuln/detail/CVE-2018-10237 Apache Camel https://nvd.nist.gov/vuln/detail/CVE-2015-5344 , https://nvd.nist.gov/vuln/detail/CVE-2015-5348 , https://nvd.nist.gov/vuln/detail/CVE-2016-8749 , https://nvd.nist.gov/vuln/detail/CVE-2017-12633 , https://nvd.nist.gov/vuln/detail/CVE-2017-12634 , https://nvd.nist.gov/vuln/detail/CVE-2017-3159 , https://nvd.nist.gov/vuln/detail/CVE-2017-5643 Spring Framework https://nvd.nist.gov/vuln/detail/CVE-2018-1257 , https://nvd.nist.gov/vuln/detail/CVE-2018-1258 Spring Data Commons https://nvd.nist.gov/vuln/detail/CVE-2018-1259 , https://nvd.nist.gov/vuln/detail/CVE-2018-1273 Jetty https://nvd.nist.gov/vuln/detail/CVE-2016-4800 , https://nvd.nist.gov/vuln/detail/CVE-2017-9735 , https://nvd.nist.gov/vuln/detail/CVE-2016-4800 , https://nvd.nist.gov/vuln/detail/CVE-2017-9735 , https://nvd.nist.gov/vuln/detail/CVE-2016-4800 , https://nvd.nist.gov/vuln/detail/CVE-2017-7658 Lucene https://nvd.nist.gov/vuln/detail/CVE-2017-12629 Mitigation: Upgrade to Apache Ignite 2.7 or later version