[
https://issues.apache.org/jira/browse/HADOOP-18350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17568975#comment-17568975
]
Steve Loughran commented on HADOOP-18350:
-----------------------------------------
thank you for volunteering to help test the relevant release. note that the
cves related to jackson don't surface in s3 clients because s3 client doesn't
use that feature.
you should be able to try upgrading your local installation -do that and we
will get some great insight on any regressions
> Support for hadoop-aws with aws-java-sdk-bundle with version greater than
> 1.12.220
> ----------------------------------------------------------------------------------
>
> Key: HADOOP-18350
> URL: https://issues.apache.org/jira/browse/HADOOP-18350
> Project: Hadoop Common
> Issue Type: Wish
> Components: fs/s3
> Reporter: Bilna
> Priority: Major
>
> There are CVEs like CVE-2021-37137 and many, listed from
> aws-java-sdk-bundle with version 1.11.375 and the fix is available in
> versions higher than 1.12.220. It will be great if we have a hadoop-aws with
> aws-java-sdk-bundle.jar with latest version. Will you be able to provide the
> same? If so may I know approximately when can I expect it?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
