Open pjpringle opened 3 months ago
@pjpringle Could you share which RisingWave version you are using?
1.8
Hi, @pjpringle
I believe that most of these reported vulnerabilities are not due to the direct dependency of RisingWave. For example, we were actually using <jackson.version>2.13.5</jackson.version> in 1.8 but the reported version is 2.4.0.
See https://github.com/risingwavelabs/risingwave/blob/v1.8.0/java/pom.xml
May I ask which tool you are using to detect these issues?
Docker image has a lot of java libraries which fail enterprise vulnerability scans.