[ https://issues.apache.org/jira/browse/HADOOP-18350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17571994#comment-17571994 ]

Steve Loughran commented on HADOOP-18350:
-----------------------------------------

> There are CVEs on io.netty dependencies which again come through
> aws-java-sdk-bundle. So will that be taken care of?

1. We are an open source project that depends on the effort of the community. If
   you want things on a timescale which meets your need, it becomes your homework.
2. You can just use the unshaded AWS SDK components if you get your classpath
   right, so consider doing that in your deployments.

> Support for hadoop-aws with aws-java-sdk-bundle with version greater than 
> 1.12.220
> ----------------------------------------------------------------------------------
>
>                 Key: HADOOP-18350
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18350
>             Project: Hadoop Common
>          Issue Type: Wish
>          Components: fs/s3
>            Reporter: Bilna
>            Priority: Major
>
> There are CVEs like CVE-2021-37137 and many, listed from
> aws-java-sdk-bundle with version 1.11.375, and the fix is available in
> versions higher than 1.12.220. It will be great if we have a hadoop-aws with
> aws-java-sdk-bundle.jar with the latest version. Will you be able to provide the
> same? If so, may I know approximately when I can expect it?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
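
A classpath check for the two options discussed in this thread, as an added example that is not part of the original message or of Hadoop's code: it flags an `aws-java-sdk-bundle` jar at or below the 1.12.220 threshold stated by the reporter, a bundle mixed with unshaded SDK jars, and unshaded jars at differing versions. The sample classpaths, the `/opt/app/lib` paths and the 1.12.262/1.12.230 versions are constructed, and matching on jar file names is an assumption about how the deployment names its jars.

```python
import re
from pathlib import PurePosixPath

# Threshold from the issue text: the reporter states the fix is available in
# bundle versions higher than 1.12.220.
FIXED_ABOVE = (1, 12, 220)
BUNDLE = "aws-java-sdk-bundle"
JAR_RE = re.compile(r"^(aws-java-sdk-[a-z0-9-]+?)-(\d+(?:\.\d+)+)\.jar$")


def sdk_jars(classpath, sep=":"):
    """Return {artifact: set of version tuples} for AWS SDK v1 jars on the classpath."""
    found = {}
    for entry in filter(None, classpath.split(sep)):
        m = JAR_RE.match(PurePosixPath(entry).name)
        if m:
            version = tuple(int(p) for p in m.group(2).split("."))
            found.setdefault(m.group(1), set()).add(version)
    return found


def audit(classpath, sep=":"):
    """Return a sorted list of finding codes for one classpath string."""
    jars = sdk_jars(classpath, sep)
    unshaded = {a: v for a, v in jars.items() if a != BUNDLE}
    findings = set()
    # Bundle present at or below the version the reporter names as the fix line.
    if any(v <= FIXED_ABOVE for v in jars.get(BUNDLE, ())):
        findings.add("bundle-not-above-1.12.220")
    # Switching to unshaded components but leaving the bundle in place.
    if BUNDLE in jars and unshaded:
        findings.add("bundle-and-unshaded-mixed")
    # Unshaded SDK modules that do not all share one version.
    if len({v for vs in unshaded.values() for v in vs}) > 1:
        findings.add("unshaded-version-skew")
    return sorted(findings)


# Constructed sample classpaths (not taken from a real deployment).
LIB = "/opt/app/lib/"
SHIPPED = LIB + "hadoop-aws-X.Y.Z.jar:" + LIB + "aws-java-sdk-bundle-1.11.375.jar"
MIXED = SHIPPED + ":" + LIB + "aws-java-sdk-s3-1.12.262.jar:" + LIB + "aws-java-sdk-core-1.12.262.jar"
UNSHADED = LIB + "aws-java-sdk-s3-1.12.262.jar:" + LIB + "aws-java-sdk-core-1.12.262.jar"
SKEW = LIB + "aws-java-sdk-s3-1.12.262.jar:" + LIB + "aws-java-sdk-core-1.12.230.jar"

if __name__ == "__main__":
    for name, cp in [("shipped", SHIPPED), ("mixed", MIXED), ("unshaded", UNSHADED), ("skew", SKEW)]:
        print(name, audit(cp))
```

Directory and wildcard classpath entries are not expanded here; pass the resolved list of jar paths.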
