[ https://issues.apache.org/jira/browse/HADOOP-18655?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17701656#comment-17701656 ]
ASF GitHub Bot commented on HADOOP-18655: ----------------------------------------- steveloughran commented on PR #5484: URL: https://github.com/apache/hadoop/pull/5484#issuecomment-1473658777 not resolving without a solr update first. either we abandon this patch *or* whatever solr update went in is backported. That's more intimate with YARN and so they'll need to get involved for their opinions ``` [INFO] [INFO] - > Upgrade Kerby to 2.0.3 due to CVE-2023-25613 > -------------------------------------------- > > Key: HADOOP-18655 > URL: https://issues.apache.org/jira/browse/HADOOP-18655 > Project: Hadoop Common > Issue Type: Task > Components: build > Affects Versions: 3.3.4 > Reporter: Rohit Kumar Badeau > Assignee: Rohit Kumar Badeau > Priority: Minor > Labels: pull-request-available > Fix For: 3.4.0 > > > An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache > Kerby before 2.0.3. > CVSSv3 Score:- 9.8(Critical) > [https://nvd.nist.gov/vuln/detail/CVE-2023-25613] -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org