[jira] [Updated] (HADOOP-18492) upgrade commons-text to 1.10.0

PJ Fanning (Jira) Wed, 12 Oct 2022 07:34:05 -0700


     [ 
https://issues.apache.org/jira/browse/HADOOP-18492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


PJ Fanning updated HADOOP-18492:
--------------------------------
    Description: 
Extends HADOOP-18341

[https://commons.apache.org/proper/commons-text/changes-report.html#a1.10.0]

StringInterpolator prior to v1.10.0 allowed scripting that could be problematic 
– a similar issue to one that led to CVE in commons-configuation2. 

  was:
Extends HADOOP-18341

[https://commons.apache.org/proper/commons-text/changes-report.html#a1.10.0]

StringInterpolator prior to v1.10.0 allowed scripting that could be problematic.


> upgrade commons-text to 1.10.0
> ------------------------------
>
>                 Key: HADOOP-18492
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18492
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: PJ Fanning
>            Priority: Major
>
> Extends HADOOP-18341
> [https://commons.apache.org/proper/commons-text/changes-report.html#a1.10.0]
> StringInterpolator prior to v1.10.0 allowed scripting that could be 
> problematic – a similar issue to one that led to CVE in 
> commons-configuation2. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Updated] (HADOOP-18492) upgrade commons-text to 1.10.0

Reply via email to