[ https://issues.apache.org/jira/browse/HADOOP-17844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shilun Fan updated HADOOP-17844: -------------------------------- Component/s: build common Target Version/s: 3.3.2, 3.2.3, 3.4.0 Affects Version/s: 3.3.2 3.2.3 3.4.0 > Upgrade JSON smart to 2.4.7 > --------------------------- > > Key: HADOOP-17844 > URL: https://issues.apache.org/jira/browse/HADOOP-17844 > Project: Hadoop Common > Issue Type: Bug > Components: build, common > Affects Versions: 3.4.0, 3.2.3, 3.3.2 > Reporter: Renukaprasad C > Assignee: Renukaprasad C > Priority: Major > Labels: pull-request-available > Fix For: 3.4.0, 3.2.3, 3.3.2 > > Time Spent: 1h 40m > Remaining Estimate: 0h > > Currently we are using JSON Smart 2.4.2 version which is vulnerable to - > CVE-2021-31684. > We can upgrade the version to 2.4.7 (2.4.5 or later). -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org