Steve Loughran created HADOOP-18763:
---------------------------------------
Summary: Upgrade aws-java-sdk to 1.12.367+
Key: HADOOP-18763
URL: https://issues.apache.org/jira/browse/HADOOP-18763
Project: Hadoop Common
Issue Type: Sub-task
Components: fs/s3
Affects Versions: 3.3.5
Reporter: Steve Loughran
aws sdk bundle < 1.12.367 uses a vulnerable versions of netty which is pulling
in high severity CVE and creating unhappiness in security scans, even if s3a
doesn't use that lib.
The safe version for netty is netty:4.1.86.Final and this is used by
aws-java-adk:1.12.367+
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
