[
https://issues.apache.org/jira/browse/TEZ-4083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16960001#comment-16960001
]
László Bodor commented on TEZ-4083:
-----------------------------------
I don't think it supports
as far as I can see, upstream tez tries to follow hadoop from dependency point
of view (tez upgrades dependency if hadoop already did so for the same dep),
that's why I was thinking that we shall resolve this one only after 1) hadoop
3.3.0 is released, 2) tez upgrades to hadoop 3.3.0
(in the meantime, on internal product branches, we will handle this by manually
setting jetty version of tez, if needed)
> Upgrade to latest 9.4.x Jetty version
> -------------------------------------
>
> Key: TEZ-4083
> URL: https://issues.apache.org/jira/browse/TEZ-4083
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: Daniel Velasquez
> Assignee: László Bodor
> Priority: Major
> Attachments: TEZ-4083.01.patch
>
>
> Jetty 9.3.24.v20180605 has security vulnerabilities where the server is
> vulnerable to XSS conditions.
> [https://www.cvedetails.com/cve/CVE-2019-10241/]
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
