[ https://issues.apache.org/jira/browse/HADOOP-19237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17871006#comment-17871006 ]
ASF GitHub Bot commented on HADOOP-19237: ----------------------------------------- ShibasishDelphix commented on PR #6961: URL: https://github.com/apache/hadoop/pull/6961#issuecomment-2268625255 Hello team, Could you please confirm when 3.4.1 is planned to release which will have this fix? > upgrade dnsjava to 3.6.0 due to CVEs > ------------------------------------ > > Key: HADOOP-19237 > URL: https://issues.apache.org/jira/browse/HADOOP-19237 > Project: Hadoop Common > Issue Type: Task > Reporter: PJ Fanning > Assignee: PJ Fanning > Priority: Major > Labels: pull-request-available > Fix For: 3.5.0, 3.4.1 > > > See https://github.com/apache/hadoop/pull/6955 - but this is missing the > necessary change to LICENSE-binary (which already has an out of date version > for dnsjava). > * CVE-2024-25638 https://github.com/advisories/GHSA-cfxw-4h78-h7fw > * https://github.com/advisories/GHSA-mmwx-rj87-vfgr > * https://github.com/advisories/GHSA-crjg-w57m-rqqf -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org