Re: security vulnerability: janusgraph-full-1.0.0-rc1: in ./lib ( netty-all.4.1.58.Final) as well as ./lib/gremlin-console-3.6.1.jar & gremlin-driver.3.6.1.jar (netty-all.4.1.77.Final)

Home Messages Hashtags Subgroups Calendar

#6682

Re: security vulnerability: janusgraph-full-1.0.0-rc1: in ./lib ( netty-all.4.1.58.Final) as well as ./lib/gremlin-console-3.6.1.jar & gremlin-driver.3.6.1.jar (netty-all.4.1.77.Final)

hadoopmarc@...

Hi Yingjie,

Still not clear to me.

what do you mean with "they embed netty-all.4.1.77.Final.jar"? The gremlin jars only contain the code from Tinkerpop, no netty bytecode.
the Cassandra lib directory need not be used, it is only included to run a local Cassandra instance for the bin/janusgraph.sh script. So, you can simply remove the cassandra directory and still use gremlin-console.

Also note that there is a separate thread for feedback on janusgraph-1.0.0-rc1, but it is OK to have the current discussion here to find out what the actual issue is.

Marc

Show quoted text

On Wed, Jan 25, 2023 at 01:16 PM, Yingjie Li wrote:

they
embed netty-all.4.1.77.Final.jar

View All 4 Messages In Topic

#6682

Join {janusgraph-users@lists.lfaidata.foundation to automatically receive all group messages.