[jira] [Work logged] (HADOOP-17633) Please upgrade json-smart dependency to the latest version

Mon, 12 Apr 2021 11:31:27 -0700 


     [ 
https://issues.apache.org/jira/browse/HADOOP-17633?focusedWorklogId=581229&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-581229
 ]

ASF GitHub Bot logged work on HADOOP-17633:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 12/Apr/21 18:30
            Start Date: 12/Apr/21 18:30
    Worklog Time Spent: 10m 
      Work Description: steveloughran commented on pull request #2895:
URL: https://github.com/apache/hadoop/pull/2895#issuecomment-818032692


   I  worry about the lines on the json-smart import
   ```xml
           <!-- HACK.  Transitive dependency for nimbus-jose-jwt.  Needed for
                packaging.  Please re-check this version when updating
                nimbus-jose-jwt.  Please read HADOOP-14903 for more details.
             -->
   ```
   The assumption here is: nimbus-jose-jwt needs to be updated in sync, and 
kerby. Are there any related JIRAS/issues we could reference there?
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 581229)
    Time Spent: 20m  (was: 10m)

> Please upgrade json-smart dependency to the latest version
> ----------------------------------------------------------
>
>                 Key: HADOOP-17633
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17633
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: auth, build
>    Affects Versions: 3.3.0, 3.2.1, 3.2.2, 3.4.0
>            Reporter: helen huang
>            Assignee: Viraj Jasani
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Please upgrade the json-smart dependency to the latest version available.
> Currently hadoop-auth is using version 2.3. Fortify scan picked up a security 
> issue with this version. Please upgrade to the latest version. 
> Thanks!
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to