[jira] [Work logged] (HADOOP-17649) Update wildfly openssl to 2.1.3.Final

Thu, 22 Apr 2021 08:22:30 -0700 


     [ 
https://issues.apache.org/jira/browse/HADOOP-17649?focusedWorklogId=587292&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-587292
 ]

ASF GitHub Bot logged work on HADOOP-17649:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 22/Apr/21 15:21
            Start Date: 22/Apr/21 15:21
    Worklog Time Spent: 10m 
      Work Description: steveloughran commented on pull request #2932:
URL: https://github.com/apache/hadoop/pull/2932#issuecomment-824936606


   The reason we use wildfly in the azure and -aws JARs is for performance by 
picking up those native bindings. if you use wildfly ssl as your socket 
factory, when openssl binaries are on PATH, then it will be used. 
   
   If this change takes that feature away, it's a regression which will hurt 
performance. Yes, that use of openssl has been brittle in the past, but it is 
stable now between our wildfly version and openssl 1.1.1
   
   What does this repackaging mean in terms of integration with openssl?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 587292)
    Time Spent: 1h 40m  (was: 1.5h)

> Update wildfly openssl to 2.1.3.Final
> -------------------------------------
>
>                 Key: HADOOP-17649
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17649
>             Project: Hadoop Common
>          Issue Type: Task
>            Reporter: Wei-Chiu Chuang
>            Assignee: Viraj Jasani
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> https://nvd.nist.gov/vuln/detail/CVE-2020-25644
> A memory leak flaw was found in WildFly OpenSSL in versions prior to 
> 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to 
> cause OOM leading to a denial of service. The highest threat from this 
> vulnerability is to system availability.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to