From this webpage screenshot, the following key information about the vulnerability can be obtained: Pull Request #8878: Used to fix security vulnerabilities. Fixed Issues: #4798 and #6347. Description: Security vulnerabilities resolved by upgrading third-party libraries, including: - upgraded to 1.9.1 (Sonatype-2019-0915) - upgraded to 2.8.0 (Sonatype-2019-0928) - upgraded to 1.9.4 (CVE-2014-0114, Sonatype-2012-0050) - upgraded to 1.13 (CVE-2018-12402) - upgraded to 1.19 (CVE-2018-17767) - upgraded to 2.8.5 (CVE-2018-17767) - upgraded to 2.8.5 (CVE-2018-3106) - upgraded to 5.2.5 (CVE-2017-7536) - upgraded to 4.5.10 (Sonatype-2017-0339) - upgraded to 55.1 (CVE-2014-8147) - upgraded to 2.6.7.3 (CVE-2017-7545) - upgraded to 9.4.12 (CVE-2017-7657, CVE-2017-7658, CVE-2017-7656, CVE-2018-12545) - upgraded to 2.8.2 (CVE-2017-5645, CVE-2015-2110) - upgraded to 4.1.42 (CVE-2019-9518) - upgraded to 4.1.42 (CVE-2019-16869) - upgraded to 4.41.1 (CVE-2017-12972, CVE-2017-12974) - upgraded to 3.0.24 (CVE-2017-1000487, Sonatype-2015-0173, Sonatype-2016-0398) - upgraded to 42.2.8 (CVE-2018-10936) Note: If users are using JDBC to look up PostgreSQL, they may need to update the JDBC jar used by the lookup extension. PR Status: - Self-reviewed - Documentation added for new features or behavioral changes - Version, license, or notice information updated or added - Comments added explaining the "why" and intent of the code - Tested in a Druid cluster