[ https://issues.apache.org/jira/browse/HADOOP-16676?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16972718#comment-16972718 ]
Wei-Chiu Chuang commented on HADOOP-16676: ------------------------------------------ Pushed to branch-3.2. The patch doesn't apply cleanly to branch-3.1. [~smeng] could you file another jira and provide a branch-3.1 patch? > Backport HADOOP-16152 to branch-3.2 > ----------------------------------- > > Key: HADOOP-16676 > URL: https://issues.apache.org/jira/browse/HADOOP-16676 > Project: Hadoop Common > Issue Type: Bug > Components: common > Affects Versions: 3.2.1 > Reporter: DW > Assignee: Siyao Meng > Priority: Major > Fix For: 3.2.2 > > Attachments: HADOOP-16676.branch-3.2.001.patch, > HADOOP-16676.branch-3.2.001.patch, HADOOP-16676.branch-3.2.002.patch > > > Hello, > > org.apache.hadoop:hadoop-common define the dependency to jetty-webapp and > jetty-xml in version v9.3.24 with known CVE-2017-9735. Please can you upgrade > to version 9.4.7 or higher? > +--- org.apache.hadoop:hadoop-client:3.2.1 > | +--- org.apache.hadoop:hadoop-common:3.2.1 > | +--- org.eclipse.jetty:jetty-webapp:9.3.24.v20180605 > | | | +--- org.eclipse.jetty:jetty-xml:9.3.24.v20180605 > | | | \--- org.eclipse.jetty:jetty-servlet:9.3.24.v20180605 (*) -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org