Steve Vaughan created HADOOP-18311:
--------------------------------------

             Summary: Upgrade dependencies to address several CVEs
                 Key: HADOOP-18311
                 URL: https://issues.apache.org/jira/browse/HADOOP-18311
             Project: Hadoop Common
          Issue Type: Improvement
          Components: common
    Affects Versions: 3.3.3, 3.3.4
            Reporter: Steve Vaughan
             Fix For: 3.3.4

The following CVEs can be addressed by upgrading dependencies within the build. This includes a replacement of HTrace with a noop implementation.

* CVE-2018-7489
* CVE-2020-10663
* CVE-2020-28491
* CVE-2020-35490
* CVE-2020-35491
* CVE-2020-36518
* PRISMA-2021-0182

This addresses all of the CVEs from 3.3.3 except for ones that would require upgrading Netty to 4.x.

I'll be submitting a pull request for 3.3.4.