[ https://issues.apache.org/jira/browse/HADOOP-18333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17567946#comment-17567946 ]
PJ Fanning commented on HADOOP-18333: ------------------------------------- [~ste...@apache.org] Is this a change that could be considered for Hadoop 3.3.4? > hadoop-client-runtime impact by CVE-2022-2047 due to shaded jetty > ----------------------------------------------------------------- > > Key: HADOOP-18333 > URL: https://issues.apache.org/jira/browse/HADOOP-18333 > Project: Hadoop Common > Issue Type: Improvement > Affects Versions: 3.3.3 > Reporter: phoebe chen > Assignee: Ashutosh Gupta > Priority: Major > Labels: pull-request-available > Time Spent: 0.5h > Remaining Estimate: 0h > > CVE-2022-2047 is recently found for Eclipse Jetty, and impacts 9.4.0 thru > 9.4.46. > In latest 3.3.3 of hadoop-client-runtime, it shaded 9.4.43.v20210629 version > jetty which is impacted. > In Trunch, Jetty is in version 9.4.44.v20210927, which is still impacted. > Need to upgrade Jetty Version. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org