[jira] [Created] (HADOOP-18496) upgrade kotlin-stdlib due to CVEs

PJ Fanning (Jira) Thu, 13 Oct 2022 11:57:01 -0700

PJ Fanning created HADOOP-18496:
-----------------------------------

             Summary: upgrade kotlin-stdlib due to CVEs
                 Key: HADOOP-18496
                 URL: https://issues.apache.org/jira/browse/HADOOP-18496
             Project: Hadoop Common
          Issue Type: Improvement
            Reporter: PJ Fanning



I'm not an expert on Kotlin but dependabot show these 2 CVEs with the version 
of kotlin-stdlib used in Hadoop.
 * [https://github.com/advisories/GHSA-cqj8-47ch-rvvq]
 * [https://github.com/advisories/GHSA-2qp4-g3q3-f92w]

kotlin-stlib 1.6.0 is the minimum version needed to fix both. It might be 
better to use latest v1.6 jar (currently 1.6.21) or even use latest jar 
altogether (currently 1.7.20).

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Created] (HADOOP-18496) upgrade kotlin-stdlib due to CVEs

Reply via email to