subject:"\[jira\] \[Updated\] \(HADOOP\-18311\) Upgrade dependencies to address several CVEs"

[jira] [Updated] (HADOOP-18311) Upgrade dependencies to address several CVEs

2023-06-12 Thread Wei-Chiu Chuang (Jira)



 [ 
https://issues.apache.org/jira/browse/HADOOP-18311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Wei-Chiu Chuang updated HADOOP-18311:
-
Fix Version/s: (was: 3.3.6)

> Upgrade dependencies to address several CVEs
> 
>
> Key: HADOOP-18311
> URL: https://issues.apache.org/jira/browse/HADOOP-18311
> Project: Hadoop Common
>  Issue Type: Improvement
>  Components: common
>Affects Versions: 3.3.3, 3.3.4
>Reporter: Steve Vaughan
>Priority: Major
>  Labels: pull-request-available
>  Time Spent: 3h 10m
>  Remaining Estimate: 0h
>
> The following CVEs can be addressed by upgrading dependencies within the 
> build.  This includes a replacement of HTrace with a noop implementation.
>  * CVE-2018-7489
>  * CVE-2020-10663
>  * CVE-2020-28491
>  * CVE-2020-35490
>  * CVE-2020-35491
>  * CVE-2020-36518
>  * PRISMA-2021-0182
> This addresses all of the CVEs from 3.3.3 except for ones that would require 
> upgrading Netty to 4.x.  I'll be submitting a pull request for 3.3.4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Updated] (HADOOP-18311) Upgrade dependencies to address several CVEs

2022-11-29 Thread Mukund Thakur (Jira)



 [ 
https://issues.apache.org/jira/browse/HADOOP-18311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mukund Thakur updated HADOOP-18311:
---
Target Version/s: 3.3.9

[~svaughan]  Are we still planning to do this for 3.3.5 release as we will be 
releasing that in a week.

> Upgrade dependencies to address several CVEs
> 
>
> Key: HADOOP-18311
> URL: https://issues.apache.org/jira/browse/HADOOP-18311
> Project: Hadoop Common
>  Issue Type: Improvement
>  Components: common
>Affects Versions: 3.3.3, 3.3.4
>Reporter: Steve Vaughan
>Priority: Major
>  Labels: pull-request-available
>  Time Spent: 3h 10m
>  Remaining Estimate: 0h
>
> The following CVEs can be addressed by upgrading dependencies within the 
> build.  This includes a replacement of HTrace with a noop implementation.
>  * CVE-2018-7489
>  * CVE-2020-10663
>  * CVE-2020-28491
>  * CVE-2020-35490
>  * CVE-2020-35491
>  * CVE-2020-36518
>  * PRISMA-2021-0182
> This addresses all of the CVEs from 3.3.3 except for ones that would require 
> upgrading Netty to 4.x.  I'll be submitting a pull request for 3.3.4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Updated] (HADOOP-18311) Upgrade dependencies to address several CVEs

2022-11-29 Thread Mukund Thakur (Jira)



 [ 
https://issues.apache.org/jira/browse/HADOOP-18311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mukund Thakur updated HADOOP-18311:
---
Fix Version/s: (was: 3.3.5)

> Upgrade dependencies to address several CVEs
> 
>
> Key: HADOOP-18311
> URL: https://issues.apache.org/jira/browse/HADOOP-18311
> Project: Hadoop Common
>  Issue Type: Improvement
>  Components: common
>Affects Versions: 3.3.3, 3.3.4
>Reporter: Steve Vaughan
>Priority: Major
>  Labels: pull-request-available
>  Time Spent: 3h 10m
>  Remaining Estimate: 0h
>
> The following CVEs can be addressed by upgrading dependencies within the 
> build.  This includes a replacement of HTrace with a noop implementation.
>  * CVE-2018-7489
>  * CVE-2020-10663
>  * CVE-2020-28491
>  * CVE-2020-35490
>  * CVE-2020-35491
>  * CVE-2020-36518
>  * PRISMA-2021-0182
> This addresses all of the CVEs from 3.3.3 except for ones that would require 
> upgrading Netty to 4.x.  I'll be submitting a pull request for 3.3.4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Updated] (HADOOP-18311) Upgrade dependencies to address several CVEs

2022-08-18 Thread Steve Loughran (Jira)



 [ 
https://issues.apache.org/jira/browse/HADOOP-18311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Steve Loughran updated HADOOP-18311:

Fix Version/s: 3.3.9
   (was: 3.3.4)

> Upgrade dependencies to address several CVEs
> 
>
> Key: HADOOP-18311
> URL: https://issues.apache.org/jira/browse/HADOOP-18311
> Project: Hadoop Common
>  Issue Type: Improvement
>  Components: common
>Affects Versions: 3.3.3, 3.3.4
>Reporter: Steve Vaughan
>Priority: Major
>  Labels: pull-request-available
> Fix For: 3.3.9
>
>  Time Spent: 3h 10m
>  Remaining Estimate: 0h
>
> The following CVEs can be addressed by upgrading dependencies within the 
> build.  This includes a replacement of HTrace with a noop implementation.
>  * CVE-2018-7489
>  * CVE-2020-10663
>  * CVE-2020-28491
>  * CVE-2020-35490
>  * CVE-2020-35491
>  * CVE-2020-36518
>  * PRISMA-2021-0182
> This addresses all of the CVEs from 3.3.3 except for ones that would require 
> upgrading Netty to 4.x.  I'll be submitting a pull request for 3.3.4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Updated] (HADOOP-18311) Upgrade dependencies to address several CVEs

2022-06-22 Thread ASF GitHub Bot (Jira)



 [ 
https://issues.apache.org/jira/browse/HADOOP-18311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

ASF GitHub Bot updated HADOOP-18311:

Labels: pull-request-available  (was: )

> Upgrade dependencies to address several CVEs
> 
>
> Key: HADOOP-18311
> URL: https://issues.apache.org/jira/browse/HADOOP-18311
> Project: Hadoop Common
>  Issue Type: Improvement
>  Components: common
>Affects Versions: 3.3.3, 3.3.4
>Reporter: Steve Vaughan
>Priority: Major
>  Labels: pull-request-available
> Fix For: 3.3.4
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> The following CVEs can be addressed by upgrading dependencies within the 
> build.  This includes a replacement of HTrace with a noop implementation.
>  * CVE-2018-7489
>  * CVE-2020-10663
>  * CVE-2020-28491
>  * CVE-2020-35490
>  * CVE-2020-35491
>  * CVE-2020-36518
>  * PRISMA-2021-0182
> This addresses all of the CVEs from 3.3.3 except for ones that would require 
> upgrading Netty to 4.x.  I'll be submitting a pull request for 3.3.4.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Updated] (HADOOP-18311) Upgrade dependencies to address several CVEs

[jira] [Updated] (HADOOP-18311) Upgrade dependencies to address several CVEs

[jira] [Updated] (HADOOP-18311) Upgrade dependencies to address several CVEs

[jira] [Updated] (HADOOP-18311) Upgrade dependencies to address several CVEs

[jira] [Updated] (HADOOP-18311) Upgrade dependencies to address several CVEs

5 matches

Site Navigation

Mail list logo

Footer information