[
https://issues.apache.org/jira/browse/HADOOP-17898?focusedWorklogId=647525&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-647525
]
ASF GitHub Bot logged work on HADOOP-17898:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 07/Sep/21 19:03
Start Date: 07/Sep/21 19:03
Worklog Time Spent: 10m
Work Description: amahussein opened a new pull request #3398:
URL: https://github.com/apache/hadoop/pull/3398
### Description of PR
HADOOP-17898. BouncyCastle to 1.69
- CVEs are reported for releases lower than 1.66
  - [CVE-2020-26939](https://nvd.nist.gov/vuln/detail/CVE-2020-26939) moderate severity
  - [CVE-2020-15522](https://nvd.nist.gov/vuln/detail/CVE-2020-15522) moderate severity
### How was this patch tested?
- build locally succeeded
- `mvn dependency:tree`
- Looked into linked Jiras of HADOOP-15832 and reviewed the dependencies
affected by the upgrade
- I verified that they have no class errors as reported in YARN-8919 and
YARN-8899
```bash
mvn test -Dtest=TestFileArgs,TestMultipleCachefiles,TestStreamingBadRecords,\
TestSymLink,TestMultipleArchiveFiles,TestGridmixSubmission,TestDistCacheEmulation,\
TestLoadJob,TestSleepJob,TestDistCh,TestCleanupAfterKIll
```
### For code changes:
- [X] the title of this PR starts with the corresponding JIRA issue id
- [X] updated `LICENSE-binary`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
Issue Time Tracking
-------------------
Worklog Id: (was: 647525)
Time Spent: 20m (was: 10m)
> Upgrade BouncyCastle to 1.69
> ----------------------------
>
> Key: HADOOP-17898
> URL: https://issues.apache.org/jira/browse/HADOOP-17898
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 3.4.0, 2.10.2, 3.2.3, 3.3.2
> Reporter: Ahmed Hussein
> Assignee: Ahmed Hussein
> Priority: Major
> Labels: pull-request-available
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Vulnerabilities reported in BouncyCastle:
> [CVE-2020-26939|https://nvd.nist.gov/vuln/detail/CVE-2020-26939] moderate
> severity
> [CVE-2020-15522|https://nvd.nist.gov/vuln/detail/CVE-2020-15522] moderate
> severity
> Affecting releases before 1.66.
>
> Upgrade to latest 1.69.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)