[jira] [Updated] (HADOOP-19578) Upgrade com.huaweicloud:esdk-obs-java for CVE-2023-3635

ASF GitHub Bot (Jira) Sun, 25 May 2025 02:17:04 -0700


     [ 
https://issues.apache.org/jira/browse/HADOOP-19578?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


ASF GitHub Bot updated HADOOP-19578:
------------------------------------
    Labels: pull-request-available  (was: )

> Upgrade com.huaweicloud:esdk-obs-java for CVE-2023-3635
> -------------------------------------------------------
>
>                 Key: HADOOP-19578
>                 URL: https://issues.apache.org/jira/browse/HADOOP-19578
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: cloud-storage, huaweicloud
>    Affects Versions: 3.3.6, 3.4.1
>            Reporter: Yaniv Kunda
>            Priority: Major
>              Labels: pull-request-available
>
> The {{com.huaweicloud:esdk-obs-java}} dependency , used exclusively by the 
> {{hadoop-huaweicloud}} uses {{com.squareup.okio:okio:1.17.2}} which has 
> [CVE-2023-3635|https://nvd.nist.gov/vuln/detail/cve-2023-3635].
> Upgrading it will use a newer fixed version of {{okio}}, which will mitigate 
> the vulnerability.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Updated] (HADOOP-19578) Upgrade com.huaweicloud:esdk-obs-java for CVE-2023-3635

Reply via email to