[
https://issues.apache.org/jira/browse/HADOOP-18622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17685294#comment-17685294
]
Aleksandr Nikolaev commented on HADOOP-18622:
---------------------------------------------
[~groot] As far as I can see, Xerces has been updated in the ticket, but Ant
will still use the built-in Xerces transitively unless it is explicitly
overridden or excluded. I'm ok if that suits you. Can I create some other
upgrade ticket? For example Netty?
> Upgrade ant to 1.10.13
> ----------------------
>
> Key: HADOOP-18622
> URL: https://issues.apache.org/jira/browse/HADOOP-18622
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Aleksandr Nikolaev
> Assignee: Ashutosh Gupta
> Priority: Major
> Labels: pull-request-available
>
> lnerabilities reported in org.apache.ant:ant:1.10.11
> *
> [CVE-2022-23437|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23437]
> *
> [CVE-2020-14338|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14338]
> suggested: org.apache.ant:ant ~> 1.10.13
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
