[ https://issues.apache.org/jira/browse/SENTRY-1121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15206584#comment-15206584 ]
Colm O hEigeartaigh commented on SENTRY-1121:
---------------------------------------------
Hi Stravya,
I have access to the "srcclr" tool for Apache repositories on a trial basis at
Apache. This tool identified the security issue (amongst other transitive
issues, but there is nothing we can do until hadoop/hive etc. update). I think
what it means by "verifying the fix" is simply to rescan the codebase after the
patch is applied.
Colm.
> Update Jetty version
> --------------------
>
> Key: SENTRY-1121
> URL: https://issues.apache.org/jira/browse/SENTRY-1121
> Project: Sentry
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 1.7.0
>
> Attachments: SENTRY-1121.patch
>
>
> The current Jetty version is 7.6.x. However there is a security vulnerability
> issued recently that is only fixed in the latest 8.1.x patch release:
> https://srcclr.com/security/denial-service-dos-cpu-consumption/java/s-1615