[hadoop] branch branch-3.3 updated: HADOOP-18561. Update commons-net to 3.9.0 (#5214)

Mon, 19 Dec 2022 03:58:00 -0800 

This is an automated email from the ASF dual-hosted git repository.

stevel pushed a commit to branch branch-3.3
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/branch-3.3 by this push:
     new 223046cb648 HADOOP-18561. Update commons-net to 3.9.0 (#5214)
223046cb648 is described below

commit 223046cb648fe2cec961de39062e4657c15477f8
Author: Steve Loughran <ste...@cloudera.com>
AuthorDate: Mon Dec 19 11:57:47 2022 +0000

    HADOOP-18561. Update commons-net to 3.9.0 (#5214)
    
    
    Addresses CVE-2021-37533, which *only* relates to FTP.
    
    Applications not using the ftp:// filesystem, which, as
    anyone who has used it will know is very minimal and
    so rarely used, is not a critical part of the project.
    
    Furthermore, the FTP-related issue is at worst information leakage
    if someone connects to a malicious server.
    
    This is a due diligence PR rather than an emergency fix.
    
    Contributed by Steve Loughran
---
 LICENSE-binary         | 2 +-
 hadoop-project/pom.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index ec085a5c49e..f88b2b96f0b 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -254,7 +254,7 @@ commons-collections:commons-collections:3.2.2
 commons-daemon:commons-daemon:1.0.13
 commons-io:commons-io:2.8.0
 commons-logging:commons-logging:1.1.3
-commons-net:commons-net:3.6
+commons-net:commons-net:3.9.0
 de.ruedigermoeller:fst:2.50
 io.dropwizard.metrics:metrics-core:3.2.4
 io.grpc:grpc-api:1.26.0
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index 794b33847e3..0a1225f3964 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -126,7 +126,7 @@
     <commons-logging.version>1.1.3</commons-logging.version>
     <commons-logging-api.version>1.1</commons-logging-api.version>
     <commons-math3.version>3.1.1</commons-math3.version>
-    <commons-net.version>3.6</commons-net.version>
+    <commons-net.version>3.9.0</commons-net.version>
     <commons-text.version>1.10.0</commons-text.version>
 
     <kerby.version>1.0.1</kerby.version>


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-commits-h...@hadoop.apache.org

Reply via email to