[ https://issues.apache.org/jira/browse/HADOOP-18101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shilun Fan updated HADOOP-18101: -------------------------------- Component/s: build common Hadoop Flags: Reviewed Target Version/s: 3.4.0 Affects Version/s: 3.4.0 > Bump aliyun-sdk-oss to 3.13.2 and jdom2 to 2.0.6.1 > -------------------------------------------------- > > Key: HADOOP-18101 > URL: https://issues.apache.org/jira/browse/HADOOP-18101 > Project: Hadoop Common > Issue Type: Bug > Components: build, common > Affects Versions: 3.4.0 > Reporter: Aswin Shakil > Assignee: Aswin Shakil > Priority: Major > Labels: pull-request-available > Fix For: 3.4.0 > > Time Spent: 1h 10m > Remaining Estimate: 0h > > The current aliyun-sdk-oss 3.13.0 is affected by > [CVE-2021-33813|https://github.com/advisories/GHSA-2363-cqg2-863c] due to > jdom 2.0.6. maven-shade-plugin is also affected by the CVE. > Bumping aliyun-sdk-oss to 3.13.2 and jdom2 to 2.0.6.1 will resolve this issue > {code:java} > [INFO] +- org.apache.maven.plugins:maven-shade-plugin:jar:3.2.1:provided > [INFO] | +- > org.apache.maven.shared:maven-artifact-transfer:jar:0.10.0:provided > [INFO] | +- org.jdom:jdom2:jar:2.0.6:provided > ...... > [INFO] +- com.aliyun.oss:aliyun-sdk-oss:jar:3.13.1:compile > [INFO] | +- org.jdom:jdom2:jar:2.0.6:compile > {code} > -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org