This version of the connector is using commons-beanutils:commons-beanutils:1.9.3 which has a documented vulnerability: SNYK-JAVA-COMMONSBEANUTILS-460111. In our organization every artifact is checked against this type of vulnerabilities therefore I am unable to use the latest version. Could you create a version that is free of vulnerabilites?
DataStax Academy FAQ
DataStax Academy migrated to a new learning management system (LMS) in July 2020. We are also moving to a new Cassandra Certification process so there are changes to exam bookings, voucher system and issuing of certificates.
Check out the Academy FAQ pages for answers to your questions:
- Haven't heard back about exams or vouchers? [NEW August 7]
- When can I book an exam? [NEW August 10]
- How do I qualify for an exam voucher? [NEW August 10]
- How long are the coupons valid for? [NEW August 10]
- Why can't I see my old exam result or certificate? [UPDATED August 10]
- What happened to my previous exam voucher? [UPDATED August 10]
- Why is my previous course progress not shown on the new Academy?
commons-utils v1.9.3 in spark-cassandra-connector v2.0.12 is vulnerable to CVE-2014-0114
@ortizfabio_185816 Thanks for bringing to this to our attention. As per the instructions on GitHub (https://github.com/datastax/spark-cassandra-connector#reporting-bugs), I've logged SPARKC-569 to have the issue assessed and addressed. Cheers!
5 People are following this question.
