[ https://issues.apache.org/jira/browse/RANGER-4038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17910965#comment-17910965 ]
Bhavik Patel commented on RANGER-4038:
--------------------------------------
Hi [~avazquez], thank you for working on this much-needed upgrade. Is this a
fully working feature or still under development?
At a high level, I have reviewed your pull request. Here are a couple of my
thoughts:
1. I believe it is possible to segregate JDK 17 support and the migration from
javax to jakarta.
2. For shading the hadoop-common and hadoop-auth dependencies, could you use a
Maven plugin? Additionally, can you kindly explain the current approach you
have followed, how these shaded jars are bundled in the Ranger tarball, and
their usage in the Ranger code?
> Upgrade spring framework and spring security versions
> -----------------------------------------------------
>
> Key: RANGER-4038
> URL: https://issues.apache.org/jira/browse/RANGER-4038
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Himanshu Maurya
> Assignee: Himanshu Maurya
> Priority: Major
>
> Pivotal Spring Framework up to (excluding) 6.0.0 suffers from a potential
> remote code execution (RCE) issue if used for Java deserialization of
> untrusted data. Depending on how the library is implemented within a product,
> this issue may or may not occur, and authentication may be required.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)