Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 7 Dec 2018 17:06:27 +0300
From: Dmitriy Pavlov <>
To: user <>, dev <>, 
	"" <>,,
Subject: [ANNOUNCE] Apache Ignite 2.7.0 Vulnerable Dependecies Updates

The Apache Ignite Community is pleased to announce that recently released
Apache Ignite 2.7.0 replaces some vulnerable dependencies to versions with

Apache Ignite  is a memory-centric distributed
database, caching, and processing platform for transactional, analytical,
and streaming workloads delivering in-memory speeds at petabyte scale.

Apache Ignite 2.7 replaced following dependencies in to avoid usage of
vulnerable 3rd party software by end users:

Apache Log4j

FasterXML jackson-databind , , , ,


Apache Commons , ,

Netty Project


Apache Tomcat , ,


Apache Camel , , , ,  , ,

Spring Framework ,

Spring Data Commons ,

Jetty , , , , ,


•    Upgrade to Apache Ignite 2.7 or later version

Segu Riluvan discovered the usage of vulnerable modules in dependencies of
Apache Ignite.

Thanks for everyone who was involved into dependencies migration.

Best Regards,

Dmitriy Pavlov on behalf of Apache Ignite community

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.