h2oai / h2o-3

H2O is an Open Source, Distributed, Fast & Scalable Machine Learning Platform: Deep Learning, Gradient Boosting (GBM) & XGBoost, Random Forest, Generalized Linear Modeling (GLM with Elastic Net), K-Means, PCA, Generalized Additive Models (GAM), RuleFit, Support Vector Machine (SVM), Stacked Ensembles, Automatic Machine Learning (AutoML), etc.
http://h2o.ai
Apache License 2.0

Fix security vulnerabilities in `h2o3 3.46.0.2 87` #16300

Closed poornaSavindi closed 1 month ago

poornaSavindi commented 3 months ago

fixes PRISMA-2023-0067

rsujeevan commented 3 months ago

I noticed a high vulnerability from com.fasterxml.jackson.core_jackson-core image


rsujeevan commented 3 months ago

✅ I just noticed that the com.fasterxml.jackson.core_jackson-core library has been updated to version 2.15.0.

I noticed that we are using version 2.16.0 in the jdbc.jar. Can we update to a newer version?

rsujeevan commented 3 months ago

@poornaSavindi @this, do you guys think we can get this for RC3? I believe h2o3-3.46.0.3 has been released. Is it possible to incorporate these changes on top of 3.46.0.3?

rsujeevan commented 3 months ago

@poornaSavindi Can we incorporate changes from the 3.46.0.3 release?

this commented 3 months ago

@poornaSavindi @rsujeevan PR https://github.com/h2oai/h2o-3/pull/16169 has been merged. So hopefully there will be a new release from the v3.46.0.x (i.e. 3.46.0.4) series. And we can use that. @poornaSavindi please follow up with the h2o-3 team about the new release.