This is an automated email from the ASF dual-hosted git repository.
thw pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apex-core.git
The following commit(s) were added to refs/heads/master by this push:
new 805aba3 APEXCORE-815 Whitelist CVE-2016-6811
805aba3 is described below
commit 805aba30b5b84e39cf6dda8c6d5a805a3c880c60
Author: Vlad Rozov <[email protected]>
AuthorDate: Tue May 15 10:52:20 2018 -0700
APEXCORE-815 Whitelist CVE-2016-6811
---
dependency-check-whitelist.xml | 3 +++
docs/application_development.md | 3 ++-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/dependency-check-whitelist.xml b/dependency-check-whitelist.xml
index 700c986..a8c4fbc 100644
--- a/dependency-check-whitelist.xml
+++ b/dependency-check-whitelist.xml
@@ -20,4 +20,7 @@
-->
<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd";>
+ <suppress>
+ <cve>CVE-2016-6811</cve>
+ </suppress>
</suppressions>
diff --git a/docs/application_development.md b/docs/application_development.md
index 6bfa3fd..f3398e2 100644
--- a/docs/application_development.md
+++ b/docs/application_development.md
@@ -695,7 +695,8 @@ submitted to the Hadoop cluster and executes as a
multi-processapplication on
Before you start deploying, testing and troubleshooting your
application on a cluster, you should ensure that Hadoop (version 2.6.0
or later) is properly installed and
-you have basic skills for working with it.
+you have basic skills for working with it. Due to a known vulnerability in
Apache Yarn, Apex community
+recommends Hadoop version 2.7.4 or later.
------------------------------------------------------------------------
--
To stop receiving notification emails like this one, please contact
[email protected].
