[jira] [Updated] (TEZ-4560) Upgrade bouncycastle to 1.77 due to CVE.
[ https://issues.apache.org/jira/browse/TEZ-4560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan updated TEZ-4560:

Description:
There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201.
We can find more information at the following link:
[https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70]
The link to the CVE is as follows:
[CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202]
[CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201]
We can upgrade bcprov-jdk15on to bcprov-jdk18on to address the CVE issues.

was:
There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201.
We can find more information at the following link:
[https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70]
[CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202]
[CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201]

> Upgrade bouncycastle to 1.77 due to CVE.
>
> Key: TEZ-4560
> URL: https://issues.apache.org/jira/browse/TEZ-4560
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
>
> There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201.
> We can find more information at the following link:
> [https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70]
> The link to the CVE is as follows:
> [CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202]
> [CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201]
> We can upgrade bcprov-jdk15on to bcprov-jdk18on to address the CVE issues.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (TEZ-4560) Upgrade bouncycastle to 1.77 due to CVE.
Shilun Fan created TEZ-4560:
---
Summary: Upgrade bouncycastle to 1.77 due to CVE.
Key: TEZ-4560
URL: https://issues.apache.org/jira/browse/TEZ-4560
Project: Apache Tez
Issue Type: Improvement
Reporter: Shilun Fan
Assignee: Shilun Fan

There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201.
We can find more information at the following link:
[https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70]
[CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202]
[CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201]
[jira] [Updated] (TEZ-4552) Upgrade protobuf to 3.24.4 due to CVE.
[ https://issues.apache.org/jira/browse/TEZ-4552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan updated TEZ-4552:

Summary: Upgrade protobuf to 3.24.4 due to CVE. (was: Upgrade protobuf to 3.23.4. )

> Upgrade protobuf to 3.24.4 due to CVE.
> --
>
> Key: TEZ-4552
> URL: https://issues.apache.org/jira/browse/TEZ-4552
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
> Time Spent: 1h 50m
> Remaining Estimate: 0h
[jira] [Updated] (TEZ-4552) Upgrade protobuf to 3.24.4 due to CVE.
[ https://issues.apache.org/jira/browse/TEZ-4552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan updated TEZ-4552:

Description:
I found that there are 3 CVE issues that we need to deal with. These CVE issues are related to protobuf. Our protobuf uses 3.21.1, which is an old version. This PR will try to upgrade the protobuf version to solve the CVE issue.
* [CVE-2022-3171|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171]
* [CVE-2022-3509|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3509]
* [CVE-2022-3510|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3510]

> Upgrade protobuf to 3.24.4 due to CVE.
> --
>
> Key: TEZ-4552
> URL: https://issues.apache.org/jira/browse/TEZ-4552
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> I found that there are 3 CVE issues that we need to deal with. These CVE
> issues are related to protobuf. Our protobuf uses 3.21.1, which is an old
> version. This PR will try to upgrade the protobuf version to solve the CVE
> issue.
> * [CVE-2022-3171|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171]
> * [CVE-2022-3509|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3509]
> * [CVE-2022-3510|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3510]
[jira] [Updated] (TEZ-4551) Upgrade commons-io to 2.16.0.
[ https://issues.apache.org/jira/browse/TEZ-4551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan updated TEZ-4551:

Description:
We are currently using commons-io version 2.8.0, which is an older version (Sep 09, 2020). Commons-io has been upgraded to 2.16.0 (Mar 28, 2024). We can try to upgrade the version to 2.16.0.

> Upgrade commons-io to 2.16.0.
> --
>
> Key: TEZ-4551
> URL: https://issues.apache.org/jira/browse/TEZ-4551
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> We are currently using commons-io version 2.8.0, which is an older version
> (Sep 09, 2020). Commons-io has been upgraded to 2.16.0 (Mar 28, 2024). We can
> try to upgrade the version to 2.16.0.
[jira] [Assigned] (TEZ-4551) Upgrade commons-io to 2.16.0.
[ https://issues.apache.org/jira/browse/TEZ-4551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan reassigned TEZ-4551:
---
Assignee: Shilun Fan

> Upgrade commons-io to 2.16.0.
> --
>
> Key: TEZ-4551
> URL: https://issues.apache.org/jira/browse/TEZ-4551
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
[jira] [Created] (TEZ-4552) Upgrade protobuf to 3.23.4.
Shilun Fan created TEZ-4552:
---
Summary: Upgrade protobuf to 3.23.4.
Key: TEZ-4552
URL: https://issues.apache.org/jira/browse/TEZ-4552
Project: Apache Tez
Issue Type: Improvement
Reporter: Shilun Fan
Assignee: Shilun Fan
[jira] [Updated] (TEZ-4551) Upgrade commons-io to 2.16.0.
[ https://issues.apache.org/jira/browse/TEZ-4551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan updated TEZ-4551:

Issue Type: Improvement (was: Bug)

> Upgrade commons-io to 2.16.0.
> --
>
> Key: TEZ-4551
> URL: https://issues.apache.org/jira/browse/TEZ-4551
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: Shilun Fan
> Priority: Major
[jira] [Created] (TEZ-4551) Upgrade commons-io to 2.16.0.
Shilun Fan created TEZ-4551:
---
Summary: Upgrade commons-io to 2.16.0.
Key: TEZ-4551
URL: https://issues.apache.org/jira/browse/TEZ-4551
Project: Apache Tez
Issue Type: Bug
Reporter: Shilun Fan
[jira] [Updated] (TEZ-4550) Upgrade commons-cli to 1.6.0
[ https://issues.apache.org/jira/browse/TEZ-4550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan updated TEZ-4550:

Issue Type: Improvement (was: Bug)

> Upgrade commons-cli to 1.6.0
>
> Key: TEZ-4550
> URL: https://issues.apache.org/jira/browse/TEZ-4550
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
[jira] [Created] (TEZ-4550) Upgrade commons-cli to 1.6.0
Shilun Fan created TEZ-4550:
---
Summary: Upgrade commons-cli to 1.6.0
Key: TEZ-4550
URL: https://issues.apache.org/jira/browse/TEZ-4550
Project: Apache Tez
Issue Type: Bug
Reporter: Shilun Fan
Assignee: Shilun Fan
[jira] [Reopened] (TEZ-4549) Upgrade Hadoop Version to 3.4.0
[ https://issues.apache.org/jira/browse/TEZ-4549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan reopened TEZ-4549:
-
hadoop has been upgraded to 3.4.0, try to upgrade hadoop to 3.4.0

> Upgrade Hadoop Version to 3.4.0
> ---
>
> Key: TEZ-4549
> URL: https://issues.apache.org/jira/browse/TEZ-4549
> Project: Apache Tez
> Issue Type: Improvement
> Affects Versions: 0.10.4
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
>
> hadoop has been upgraded to 3.4.0, try to upgrade hadoop to 3.4.0
[jira] [Updated] (TEZ-4549) Upgrade Hadoop Version to 3.4.0
[ https://issues.apache.org/jira/browse/TEZ-4549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan updated TEZ-4549:

Description: hadoop has been upgraded to 3.4.0, try to upgrade hadoop to 3.4.0

> Upgrade Hadoop Version to 3.4.0
> ---
>
> Key: TEZ-4549
> URL: https://issues.apache.org/jira/browse/TEZ-4549
> Project: Apache Tez
> Issue Type: Improvement
> Affects Versions: 0.10.4
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
>
> hadoop has been upgraded to 3.4.0, try to upgrade hadoop to 3.4.0
[jira] [Updated] (TEZ-4549) Upgrade Hadoop Version to 3.4.0
[ https://issues.apache.org/jira/browse/TEZ-4549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan updated TEZ-4549:

Description: (was: We know that Junit 4.11 has a CVE-2020-15250 issue. Try upgrading to 4.13.2 to solve the problem.
https://mvnrepository.com/artifact/junit/junit/4.11)

> Upgrade Hadoop Version to 3.4.0
> ---
>
> Key: TEZ-4549
> URL: https://issues.apache.org/jira/browse/TEZ-4549
> Project: Apache Tez
> Issue Type: Improvement
> Affects Versions: 0.10.3
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
[jira] [Updated] (TEZ-4549) Upgrade Hadoop Version to 3.4.0
[ https://issues.apache.org/jira/browse/TEZ-4549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan updated TEZ-4549:

Summary: Upgrade Hadoop Version to 3.4.0 (was: Update junit to 4.13.2 to address CVE-2020-15250)

> Upgrade Hadoop Version to 3.4.0
> ---
>
> Key: TEZ-4549
> URL: https://issues.apache.org/jira/browse/TEZ-4549
> Project: Apache Tez
> Issue Type: Improvement
> Affects Versions: 0.10.3
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
>
> We know that Junit 4.11 has a CVE-2020-15250 issue. Try upgrading to 4.13.2
> to solve the problem.
> https://mvnrepository.com/artifact/junit/junit/4.11
[jira] [Updated] (TEZ-4549) Upgrade Hadoop Version to 3.4.0
[ https://issues.apache.org/jira/browse/TEZ-4549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan updated TEZ-4549:

Affects Version/s: 0.10.4 (was: 0.10.3)

> Upgrade Hadoop Version to 3.4.0
> ---
>
> Key: TEZ-4549
> URL: https://issues.apache.org/jira/browse/TEZ-4549
> Project: Apache Tez
> Issue Type: Improvement
> Affects Versions: 0.10.4
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
[jira] [Resolved] (TEZ-4549) Update junit to 4.13.2 to address CVE-2020-15250
[ https://issues.apache.org/jira/browse/TEZ-4549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan resolved TEZ-4549.
-
Resolution: Duplicate

> Update junit to 4.13.2 to address CVE-2020-15250
>
> Key: TEZ-4549
> URL: https://issues.apache.org/jira/browse/TEZ-4549
> Project: Apache Tez
> Issue Type: Improvement
> Affects Versions: 0.10.3
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
>
> We know that Junit 4.11 has a CVE-2020-15250 issue. Try upgrading to 4.13.2
> to solve the problem.
> https://mvnrepository.com/artifact/junit/junit/4.11
[jira] [Updated] (TEZ-4549) Update junit to 4.13.2 to address CVE-2020-15250
[ https://issues.apache.org/jira/browse/TEZ-4549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan updated TEZ-4549:

Affects Version/s: 0.10.3

> Update junit to 4.13.2 to address CVE-2020-15250
>
> Key: TEZ-4549
> URL: https://issues.apache.org/jira/browse/TEZ-4549
> Project: Apache Tez
> Issue Type: Improvement
> Affects Versions: 0.10.3
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
>
> We know that Junit 4.11 has a CVE-2020-15250 issue. Try upgrading to 4.13.2
> to solve the problem.
> https://mvnrepository.com/artifact/junit/junit/4.11
[jira] [Created] (TEZ-4549) Update junit to 4.13.2 to address CVE-2020-15250
Shilun Fan created TEZ-4549:
---
Summary: Update junit to 4.13.2 to address CVE-2020-15250
Key: TEZ-4549
URL: https://issues.apache.org/jira/browse/TEZ-4549
Project: Apache Tez
Issue Type: Improvement
Reporter: Shilun Fan
Assignee: Shilun Fan

We know that Junit 4.11 has a CVE-2020-15250 issue. Try upgrading to 4.13.2 to solve the problem.
https://mvnrepository.com/artifact/junit/junit/4.11