[ https://issues.apache.org/jira/browse/HADOOP-15815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16637046#comment-16637046 ]
ASF GitHub Bot commented on HADOOP-15815: ----------------------------------------- GitHub user borisvu opened a pull request: https://github.com/apache/hadoop/pull/422 Updating insecure version of Jetty to the lattest Fixes https://issues.apache.org/jira/browse/HADOOP-15815 You can merge this pull request into a Git repository by running: $ git pull https://github.com/borisvu/hadoop HADOOP-15815 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/hadoop/pull/422.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #422 ---- commit fdc49996daee83c01361d24e3f16885a42c1f527 Author: Boris Vulikh <boris.vulikh@...> Date: 2018-10-03T13:44:30Z Updating insecure version of Jetty to the lattest ---- > Upgrade Eclipse Jetty version due to security concerns > ------------------------------------------------------ > > Key: HADOOP-15815 > URL: https://issues.apache.org/jira/browse/HADOOP-15815 > Project: Hadoop Common > Issue Type: Task > Affects Versions: 3.1.1 > Reporter: Boris Vulikh > Priority: Major > > * > [CVE-2017-7657|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7657] > * > [CVE-2017-7658|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7658] > * > [CVE-2017-7656|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7656] > * > [CVE-2018-12536|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12536] > We should upgrade the dependency to version 9.3.24 or the latest, if possible. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org