[ https://issues.apache.org/jira/browse/HADOOP-18512?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ayush Saxena resolved HADOOP-18512.
-----------------------------------
    Fix Version/s: 3.4.0
                   3.3.5
     Hadoop Flags: Reviewed
       Resolution: Fixed

> upgrade woodstox-core to 5.4.0 for security fix
> -----------------------------------------------
>
>                 Key: HADOOP-18512
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18512
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: common
>    Affects Versions: 3.3.4
>            Reporter: phoebe chen
>            Assignee: PJ Fanning
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.4.0, 3.3.5
>
>
> Per [issue|https://github.com/FasterXML/woodstox/issues/157], woodstox-core
> 5.3.0 has a security vulnerability and needs to be upgraded to 5.4.0 for the fix.
> The Hadoop Configuration classes use woodstox to parse the XML format
> (core-site.xml, ...) but
> * people don't normally put in DTDs
> * the XML format is not the wire format used when applications submit jobs to
> the yarn resource manager.
> * when parsing untrusted XML configuration files in restricted mode (e.g.
> oozie workflows), DTD support is already disabled

--
This message was sent by Atlassian Jira (v8.20.10#820010)
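
The last bullet of the issue description says DTD support is disabled when untrusted configuration XML is parsed. The sketch below is an added example, not Hadoop's own code and not part of the original message: it shows that setting through the standard StAX API (`javax.xml.stream`), which Woodstox implements. The class name, the property names in the sample documents and the documents themselves are constructed for illustration.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.stream.*;

// Hypothetical class name; illustrates a StAX factory with DTD handling turned off.
public class RestrictedConfigParse {
    // Factory that neither processes a DOCTYPE nor resolves external entities.
    static XMLInputFactory restrictedFactory() {
        XMLInputFactory f = XMLInputFactory.newFactory();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        return f;
    }

    // Collects <property><name>..</name><value>..</value></property> pairs.
    static Map<String, String> parse(String xml) throws XMLStreamException {
        Map<String, String> props = new LinkedHashMap<>();
        XMLStreamReader r = restrictedFactory().createXMLStreamReader(new StringReader(xml));
        String name = null;
        try {
            while (r.hasNext()) {
                if (r.next() != XMLStreamConstants.START_ELEMENT) continue;
                String tag = r.getLocalName();
                if (tag.equals("name")) {
                    name = r.getElementText();
                } else if (tag.equals("value") && name != null) {
                    props.put(name, r.getElementText());
                    name = null;
                }
            }
        } finally {
            r.close();
        }
        return props;
    }

    public static void main(String[] args) {
        // Constructed sample input: one plain document, one that declares an entity in a DTD.
        String plain = "<configuration><property><name>fs.defaultFS</name>"
            + "<value>hdfs://nn.example:8020</value></property></configuration>";
        String withDtd = "<!DOCTYPE configuration [<!ENTITY e \"expanded\">]>"
            + "<configuration><property><name>k</name><value>&e;</value></property></configuration>";
        for (String doc : new String[] {plain, withDtd}) {
            try {
                System.out.println("parsed: " + parse(doc));
            } catch (XMLStreamException ex) {
                // With DTD support off the internal subset is not processed, so &e; is never defined.
                System.out.println("rejected: " + ex.getMessage());
            }
        }
    }
}
```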