[
https://issues.apache.org/jira/browse/HADOOP-19114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17831044#comment-17831044
]
ASF GitHub Bot commented on HADOOP-19114:
-----------------------------------------
steveloughran commented on PR #6636:
URL: https://github.com/apache/hadoop/pull/6636#issuecomment-2021234507
looking at the code which doesn't compile
```java
TarArchiveOutputStream out = new TarArchiveOutputStream(targetStream)
...
try (FileInputStream inputStream = new FileInputStream(file)) {
ArchiveEntry entry = out.createArchiveEntry(file, file.getName());
out.putArchiveEntry(entry); // HERE
IOUtils.copyBytes(inputStream, out, 1024 * 1024);
out.closeArchiveEntry();
}
```
suspect that `TarArchiveOutputStream create/put` now return and require a
TarArchiveEntry; the current library just casts it.
```java
public void putArchiveEntry(ArchiveEntry archiveEntry) throws IOException {
if (this.finished) {
throw new IOException("Stream has already been finished");
} else {
TarArchiveEntry entry = (TarArchiveEntry)archiveEntry;
```
> upgrade to commons-compress 1.26.1 due to cves
> ----------------------------------------------
>
> Key: HADOOP-19114
> URL: https://issues.apache.org/jira/browse/HADOOP-19114
> Project: Hadoop Common
> Issue Type: Bug
> Components: build, CVE
> Affects Versions: 3.4.0
> Reporter: PJ Fanning
> Priority: Major
> Labels: pull-request-available
>
> 2 recent CVEs fixed -
> https://mvnrepository.com/artifact/org.apache.commons/commons-compress
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
