[ https://issues.apache.org/jira/browse/HDFS-15333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hridesh updated HDFS-15333: --------------------------- Summary: Vulnerability fixes need for jackson-databinding HDFS dependency library (was: Vulnerability fixes need for jackson-databinding on "HTrace") > Vulnerability fixes need for jackson-databinding HDFS dependency library > ------------------------------------------------------------------------ > > Key: HDFS-15333 > URL: https://issues.apache.org/jira/browse/HDFS-15333 > Project: Hadoop HDFS > Issue Type: Improvement > Components: security > Affects Versions: 3.2.1 > Environment: [^hdfs_imagescan_result.csv] > Reporter: Hridesh > Priority: Critical > Attachments: hdfs_imagescan_result.csv > > > HDFS dependent library "htrace-core4-4.1.0-incubating" build with jackson > 2.4.0. POM URL: > [https://github.com/apache/incubator-retired-htrace/blob/e12b5fcfaafa56d676fee5f873da01df6b61dac9/pom.xml.] > > Jackson version < 2.9.1 has below list of vulnerabilities: > CVE-2019-14379 > CVE-2019-16335 > CVE-2019-17531 > CVE-2019-14540 > CVE-2018-11307 > CVE-2019-12402 > CVE-2018-7489 > CVE-2018-12022 > CVE-2019-14439 > CVE-2017-15095 > CVE-2017-7525 > CVE-2017-17485 > > Attaching image scan result file. > -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org