[ 
https://issues.apache.org/jira/browse/HADOOP-12767?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16397282#comment-16397282
 ] 

Kihwal Lee commented on HADOOP-12767:
-------------------------------------

[~shv], do you want to pull this in to 2.7 before the next release?  The 2015 
CVE isn't too bad, but there is an older one about MITM attack, which is more 
serious.

> update apache httpclient version to 4.5.2; httpcore to 4.4.4
> ------------------------------------------------------------
>
>                 Key: HADOOP-12767
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12767
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 2.7.2
>            Reporter: Artem Aliev
>            Assignee: Artem Aliev
>            Priority: Major
>             Fix For: 2.8.0, 3.0.0-alpha1
>
>         Attachments: HADOOP-12767-branch-2-005.patch, 
> HADOOP-12767-branch-2.004.patch, HADOOP-12767-branch-2.005.patch, 
> HADOOP-12767.001.patch, HADOOP-12767.002.patch, HADOOP-12767.003.patch, 
> HADOOP-12767.004.patch
>
>
> Various SSL security fixes are needed.  See:  CVE-2012-6153, CVE-2011-4461, 
> CVE-2014-3577, CVE-2015-5262.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to