[
https://issues.apache.org/jira/browse/HADOOP-15815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16664083#comment-16664083
]
Bharat Viswanadham edited comment on HADOOP-15815 at 10/25/18 5:52 PM:
-----------------------------------------------------------------------
Hi Sunil,
Yes we need HADOOP-15882 to get this change committed.
There will be no impact to UI with this change. This Jira upgrades eclipse
jetty due to above mentioned CVE's, and other update shaded plugin version.
was (Author: bharatviswa):
Hi Sunil,
There will be no impact to UI with this change. This Jira upgrades eclipse
jetty due to above mentioned CVE's, and other update shaded plugin version.
> Upgrade Eclipse Jetty version due to security concerns
> ------------------------------------------------------
>
> Key: HADOOP-15815
> URL: https://issues.apache.org/jira/browse/HADOOP-15815
> Project: Hadoop Common
> Issue Type: Task
> Affects Versions: 3.1.1, 3.0.3
> Reporter: Boris Vulikh
> Assignee: Boris Vulikh
> Priority: Major
> Attachments: HADOOP-15815.01-2.patch
>
>
> *
> [CVE-2017-7657|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7657]
> *
> [CVE-2017-7658|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7658]
> *
> [CVE-2017-7656|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7656]
> *
> [CVE-2018-12536|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12536]
> We should upgrade the dependency to version 9.3.24 or the latest, if possible.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
