[ 
https://issues.apache.org/jira/browse/HADOOP-18492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17616477#comment-17616477
 ] 

PJ Fanning commented on HADOOP-18492:
-------------------------------------

[~groot] I already have [https://github.com/apache/hadoop/pull/5007] - thanks 
for your quick response

> upgrade commons-text to 1.10.0
> ------------------------------
>
>                 Key: HADOOP-18492
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18492
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: PJ Fanning
>            Assignee: Ashutosh Gupta
>            Priority: Major
>
> Extends HADOOP-18341
> [https://commons.apache.org/proper/commons-text/changes-report.html#a1.10.0]
> StringInterpolator prior to v1.10.0 allowed scripting that could be 
> problematic – a similar issue to one that led to CVE in 
> commons-configuation2. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to