[
https://issues.apache.org/jira/browse/HADOOP-19237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17871006#comment-17871006
]
ASF GitHub Bot commented on HADOOP-19237:
-----------------------------------------
ShibasishDelphix commented on PR #6961:
URL: https://github.com/apache/hadoop/pull/6961#issuecomment-2268625255
Hello team,
Could you please confirm when 3.4.1 is planned to release which will have
this fix?
> upgrade dnsjava to 3.6.0 due to CVEs
> ------------------------------------
>
> Key: HADOOP-19237
> URL: https://issues.apache.org/jira/browse/HADOOP-19237
> Project: Hadoop Common
> Issue Type: Task
> Reporter: PJ Fanning
> Assignee: PJ Fanning
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.5.0, 3.4.1
>
>
> See https://github.com/apache/hadoop/pull/6955 - but this is missing the
> necessary change to LICENSE-binary (which already has an out of date version
> for dnsjava).
> * CVE-2024-25638 https://github.com/advisories/GHSA-cfxw-4h78-h7fw
> * https://github.com/advisories/GHSA-mmwx-rj87-vfgr
> * https://github.com/advisories/GHSA-crjg-w57m-rqqf
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
