[
https://issues.apache.org/jira/browse/HADOOP-17563?focusedWorklogId=647953&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-647953
]
ASF GitHub Bot logged work on HADOOP-17563:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 08/Sep/21 13:19
Start Date: 08/Sep/21 13:19
Worklog Time Spent: 10m
Work Description: amahussein opened a new pull request #3405:
URL: https://github.com/apache/hadoop/pull/3405
### Description of PR
HADOOP-17563. BouncyCastle to 1.69
- CVEs are reported for releases lower than 1.66
### How was this patch tested?
- build locally succeeded `mvn clean install -Pdist -Dtar -DskipTests -Dmaven.javadoc`
- `mvn dependency:tree`
- Looked into linked Jiras of HADOOP-15832 and reviewed the dependencies
affected by the upgrade
- Some of the tests below are already timing out on the default branch.
However, I verified that they have no class errors as reported in YARN-8919 and
YARN-8899
```bash
mvn test -Dtest=TestFileArgs,TestMultipleCachefiles,TestStreamingBadRecords,\
TestSymLink,TestMultipleArchiveFiles,TestGridmixSubmission,TestDistCacheEmulation,\
TestLoadJob,TestSleepJob,TestDistCh,TestCleanupAfterKIll
```
### For code changes:
- [X] Does the title of this PR start with the corresponding JIRA issue id
- [X] Updated README.txt
Issue Time Tracking
-------------------
Worklog Id: (was: 647953)
Time Spent: 2h 10m (was: 2h)
> Update Bouncy Castle to 1.68 or later
> -------------------------------------
>
> Key: HADOOP-17563
> URL: https://issues.apache.org/jira/browse/HADOOP-17563
> Project: Hadoop Common
> Issue Type: Improvement
> Components: build
> Affects Versions: 3.3.1
> Reporter: Takanobu Asanuma
> Assignee: Takanobu Asanuma
> Priority: Major
> Labels: pull-request-available
> Time Spent: 2h 10m
> Remaining Estimate: 0h
>
> -Bouncy Castle 1.60 has Hash Collision Vulnerability. Let's update to 1.68.-
> Bouncy Castle 1.60 has the following vulnerabilities. Let's update to 1.68.
> * [https://nvd.nist.gov/vuln/detail/CVE-2020-26939]
> * [https://nvd.nist.gov/vuln/detail/CVE-2020-28052]
> * [https://nvd.nist.gov/vuln/detail/CVE-2020-15522]