[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16490123#comment-16490123 ]
Sean Busbey commented on HBASE-20582:
-------------------------------------

looks like this is MENFORCER-300

> Bump up JRuby version because of some reported vulnerabilities
> --------------------------------------------------------------
>
>                 Key: HBASE-20582
>                 URL: https://issues.apache.org/jira/browse/HBASE-20582
>             Project: HBase
>          Issue Type: Bug
>          Components: dependencies, shell
>            Reporter: Ankit Singhal
>            Assignee: Josh Elser
>            Priority: Major
>             Fix For: 3.0.0, 2.1.0
>
>         Attachments: HBASE-20582.002.patch, HBASE-20582.patch
>
>
> There are some vulnerabilities reported with two of the libraries used in
> HBase.
> {code:java}
> Jruby(version:9.1.10.0):
> CVE-2009-5147
> CVE-2013-4363
> CVE-2014-4975
> CVE-2014-8080
> CVE-2014-8090
> CVE-2015-3900
> CVE-2015-7551
> CVE-2015-9096
> CVE-2017-0899
> CVE-2017-0900
> CVE-2017-0901
> CVE-2017-0902
> CVE-2017-0903
> CVE-2017-10784
> CVE-2017-14064
> CVE-2017-9224
> CVE-2017-9225
> CVE-2017-9226
> CVE-2017-9227
> CVE-2017-9228
> {code}
> The tool is somehow able to relate the vulnerability of Ruby with JRuby (Java
> implementation). (Jackson will be handled in a different issue.)
> Not all of them directly affect HBase but [~elserj] suggested that it is
> better to be on the updated version to avoid issues during an audit in
> a security-sensitive organization.
>

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)