[
https://issues.apache.org/jira/browse/HADOOP-17633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Akira Ajisaka updated HADOOP-17633:
-----------------------------------
Summary: Bump json-smart to 2.4.2 and nimbus-jose-jwt to 9.8 due to CVEs
(was: Please upgrade json-smart dependency to the latest version)
> Bump json-smart to 2.4.2 and nimbus-jose-jwt to 9.8 due to CVEs
> ---------------------------------------------------------------
>
> Key: HADOOP-17633
> URL: https://issues.apache.org/jira/browse/HADOOP-17633
> Project: Hadoop Common
> Issue Type: Improvement
> Components: auth, build
> Affects Versions: 3.3.0, 3.2.1, 3.2.2, 3.4.0
> Reporter: helen huang
> Assignee: Viraj Jasani
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.3.1, 3.4.0, 3.2.3
>
> Time Spent: 4h 20m
> Remaining Estimate: 0h
>
> Please upgrade the json-smart dependency to the latest version available.
> Currently hadoop-auth is using version 2.3. Fortify scan picked up a security
> issue with this version. Please upgrade to the latest version.
> Thanks!
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
