[
https://issues.apache.org/jira/browse/HADOOP-15815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16637046#comment-16637046
]
ASF GitHub Bot commented on HADOOP-15815:
-----------------------------------------
GitHub user borisvu opened a pull request:
https://github.com/apache/hadoop/pull/422
Updating insecure version of Jetty to the lattest
Fixes https://issues.apache.org/jira/browse/HADOOP-15815
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/borisvu/hadoop HADOOP-15815
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/hadoop/pull/422.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #422
----
commit fdc49996daee83c01361d24e3f16885a42c1f527
Author: Boris Vulikh <boris.vulikh@...>
Date: 2018-10-03T13:44:30Z
Updating insecure version of Jetty to the lattest
----
> Upgrade Eclipse Jetty version due to security concerns
> ------------------------------------------------------
>
> Key: HADOOP-15815
> URL: https://issues.apache.org/jira/browse/HADOOP-15815
> Project: Hadoop Common
> Issue Type: Task
> Affects Versions: 3.1.1
> Reporter: Boris Vulikh
> Priority: Major
>
> *
> [CVE-2017-7657|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7657]
> *
> [CVE-2017-7658|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7658]
> *
> [CVE-2017-7656|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7656]
> *
> [CVE-2018-12536|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12536]
> We should upgrade the dependency to version 9.3.24 or the latest, if possible.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
