[
https://issues.apache.org/jira/browse/HADOOP-18311?focusedWorklogId=784598&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-784598
]
ASF GitHub Bot logged work on HADOOP-18311:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 24/Jun/22 13:30
Start Date: 24/Jun/22 13:30
Worklog Time Spent: 10m
Work Description: steveloughran commented on PR #4491:
URL: https://github.com/apache/hadoop/pull/4491#issuecomment-1165578340
I have done the AWS SDK update with a followup patch, and run the ITests with only
an expected failure (marker tool and the landsat bucket). Not going to do the
others.
However, ZooKeeper may merit a change into branch 3.3 and then back to here.
Can you do that as its own JIRA? Thanks.
Issue Time Tracking
-------------------
Worklog Id: (was: 784598)
Time Spent: 1h 20m (was: 1h 10m)
> Upgrade dependencies to address several CVEs
> --------------------------------------------
>
> Key: HADOOP-18311
> URL: https://issues.apache.org/jira/browse/HADOOP-18311
> Project: Hadoop Common
> Issue Type: Improvement
> Components: common
> Affects Versions: 3.3.3, 3.3.4
> Reporter: Steve Vaughan
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.3.4
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> The following CVEs can be addressed by upgrading dependencies within the
> build. This includes a replacement of HTrace with a noop implementation.
> * CVE-2018-7489
> * CVE-2020-10663
> * CVE-2020-28491
> * CVE-2020-35490
> * CVE-2020-35491
> * CVE-2020-36518
> * PRISMA-2021-0182
> This addresses all of the CVEs from 3.3.3 except for ones that would require
> upgrading Netty to 4.x. I'll be submitting a pull request for 3.3.4.