[
https://issues.apache.org/jira/browse/HADOOP-19114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17853142#comment-17853142
]
ASF GitHub Bot commented on HADOOP-19114:
-----------------------------------------
steveloughran commented on PR #6867:
URL: https://github.com/apache/hadoop/pull/6867#issuecomment-2154818661
done. FWIW I'm thinking we should push out a 3.3.9 release this summer.
shall we include this here? doing a full update of those dependencies we can
upgrade seems wise
> upgrade to commons-compress 1.26.1 due to cves
> ----------------------------------------------
>
> Key: HADOOP-19114
> URL: https://issues.apache.org/jira/browse/HADOOP-19114
> Project: Hadoop Common
> Issue Type: Bug
> Components: build, CVE
> Affects Versions: 3.4.0
> Reporter: PJ Fanning
> Assignee: PJ Fanning
> Priority: Major
> Labels: pull-request-available
>
> 2 recent CVEs fixed -
> https://mvnrepository.com/artifact/org.apache.commons/commons-compress
> Important: Denial of Service CVE-2024-25710
> Moderate: Denial of Service CVE-2024-26308
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
