[ https://issues.apache.org/jira/browse/HADOOP-18333?focusedWorklogId=792022&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-792022 ]
ASF GitHub Bot logged work on HADOOP-18333:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 18/Jul/22 11:19
Start Date: 18/Jul/22 11:19
Worklog Time Spent: 10m
Work Description: pjfanning commented on PR #4553:
URL: https://github.com/apache/hadoop/pull/4553#issuecomment-1187118230
@ashutoshcipher I'm not a Hadoop committer, so my review is not all that
important - looks like the test failures are due to OOMs and are probably
unrelated to your change. I'll run those tests locally to see if they fail for
me.
Issue Time Tracking
-------------------
Worklog Id: (was: 792022)
Time Spent: 0.5h (was: 20m)
> hadoop-client-runtime impact by CVE-2022-2047 due to shaded jetty
> -----------------------------------------------------------------
>
> Key: HADOOP-18333
> URL: https://issues.apache.org/jira/browse/HADOOP-18333
> Project: Hadoop Common
> Issue Type: Improvement
> Affects Versions: 3.3.3
> Reporter: phoebe chen
> Assignee: Ashutosh Gupta
> Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> CVE-2022-2047 was recently found in Eclipse Jetty, and impacts 9.4.0 through
> 9.4.46.
> The latest 3.3.3 release of hadoop-client-runtime shades Jetty version
> 9.4.43.v20210629, which is impacted.
> In trunk, Jetty is at version 9.4.44.v20210927, which is still impacted.
> Need to upgrade the Jetty version.