ashutoshcipher opened a new pull request, #4539: URL: https://github.com/apache/hadoop/pull/4539
### Description of PR Update wildfly openssl to 2.2.1.Final. https://nvd.nist.gov/vuln/detail/CVE-2020-25644 A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability. JIRA - HADOOP-17649 ### How was this patch tested? 1. CI/Build. 2. After setting this property ``` <property> <name>fs.s3a.ssl.channel.mode</name> <value>openssl</value> </property> ``` In Progress - Running hadoop-aws integration tests by `mvn verify` ### For code changes: - [X] Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')? - [ ] Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? - [X] If applicable, have you updated the `LICENSE`, `LICENSE-binary`, `NOTICE-binary` files? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
