[
https://issues.apache.org/jira/browse/HADOOP-17633?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17319186#comment-17319186
]
Steve Loughran commented on HADOOP-17633:
-----------------------------------------
CVE looks like: https://nvd.nist.gov/vuln/detail/CVE-2021-27568
Do you have a PR for the upgrade?
> Please upgrade json-smart dependency to the latest version
> ----------------------------------------------------------
>
> Key: HADOOP-17633
> URL: https://issues.apache.org/jira/browse/HADOOP-17633
> Project: Hadoop Common
> Issue Type: Improvement
> Components: auth, build
> Affects Versions: 3.3.0, 3.2.1, 3.2.2, 3.4.0
> Reporter: helen huang
> Priority: Major
> Fix For: 3.3.0, 3.4.0
>
>
> Please upgrade the json-smart dependency to the latest version available.
> Currently hadoop-auth is using version 2.3. Fortify scan picked up a security
> issue with this version. Please upgrade to the latest version.
> Thanks!
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
