[ https://issues.apache.org/jira/browse/HADOOP-18130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Akira Ajisaka resolved HADOOP-18130. ------------------------------------ Resolution: Not A Problem > hadoop-client-runtime latest version 3.3.1 has security issues > -------------------------------------------------------------- > > Key: HADOOP-18130 > URL: https://issues.apache.org/jira/browse/HADOOP-18130 > Project: Hadoop Common > Issue Type: Improvement > Reporter: phoebe chen > Priority: Major > > hadoop-client-runtime latest version 3.3.1 ([Maven Repository: > org.apache.hadoop » hadoop-client-runtime » 3.3.1 > (mvnrepository.com)|https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-client-runtime/3.3.1]) > has many security issues. > Beside the ones list in maven repo, it's dependency: > "org.eclipse.jetty_jetty-io" (9.4.40.v20210413) has > [CVE-2021-34429|https://nvd.nist.gov/vuln/detail/CVE-2021-34429] and > [CVE-2021-28169|https://nvd.nist.gov/vuln/detail/CVE-2021-28169] > "com.fasterxml.jackson.core_jackson-databind" (2.10.5.1) has > [PRISMA-2021-0213.|https://github.com/FasterXML/jackson-databind/issues/3328] > Need to upgrade to higher version. > -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org