[ https://issues.apache.org/jira/browse/HADOOP-17633?focusedWorklogId=582539&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-582539 ]
ASF GitHub Bot logged work on HADOOP-17633: ------------------------------------------- Author: ASF GitHub Bot Created on: 14/Apr/21 14:25 Start Date: 14/Apr/21 14:25 Worklog Time Spent: 10m Work Description: virajjasani commented on a change in pull request #2895: URL: https://github.com/apache/hadoop/pull/2895#discussion_r613292135 ########## File path: hadoop-project/pom.xml ########## @@ -210,6 +210,8 @@ <openssl-wildfly.version>1.0.7.Final</openssl-wildfly.version> <jsonschema2pojo.version>1.0.2</jsonschema2pojo.version> <woodstox.version>5.3.0</woodstox.version> + <json-smart.version>2.4.2</json-smart.version> + <nimbus-jose-jwt.version>9.8</nimbus-jose-jwt.version> Review comment: That's correct, 9.8.1 seems latest. Maven repository showed highest usage for 9.8 and 9.8.1 is quite recent, hence I thought of using 9.8. However, I think we can use 9.8.1 as things look good with 9.8 so there should not be much difference with 9.8.1 either. Edit: Just realized 9.8 is also recent only, so I agree we should go with 9.8.1 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking ------------------- Worklog Id: (was: 582539) Time Spent: 3h (was: 2h 50m) > Please upgrade json-smart dependency to the latest version > ---------------------------------------------------------- > > Key: HADOOP-17633 > URL: https://issues.apache.org/jira/browse/HADOOP-17633 > Project: Hadoop Common > Issue Type: Improvement > Components: auth, build > Affects Versions: 3.3.0, 3.2.1, 3.2.2, 3.4.0 > Reporter: helen huang > Assignee: Viraj Jasani > Priority: Major > Labels: pull-request-available > Time Spent: 3h > Remaining Estimate: 0h > > Please upgrade the json-smart dependency to the latest version available. > Currently hadoop-auth is using version 2.3. Fortify scan picked up a security > issue with this version. Please upgrade to the latest version. > Thanks! > -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org