[
https://issues.apache.org/jira/browse/HADOOP-19237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
PJ Fanning updated HADOOP-19237:
--------------------------------
Description:
See https://github.com/apache/hadoop/pull/6955 - but this is missing the
necessary change to LICENSE-binary (which already has an out of date version
for dnsjava).
* CVE-2024-25638 https://github.com/advisories/GHSA-cfxw-4h78-h7fw
* https://github.com/advisories/GHSA-mmwx-rj87-vfgr
* https://github.com/advisories/GHSA-crjg-w57m-rqqf
was:
See https://github.com/apache/hadoop/pull/6955 - but this is missing the
necessary change to LICENSE-binary (which already has an out of date version
for dnsjava).
* CVE-2023-32695
* CVE-2024-25638
* https://github.com/advisories/GHSA-crjg-w57m-rqqf
> upgrade dnsjava to 3.6.0 due to CVEs
> ------------------------------------
>
> Key: HADOOP-19237
> URL: https://issues.apache.org/jira/browse/HADOOP-19237
> Project: Hadoop Common
> Issue Type: Task
> Reporter: PJ Fanning
> Priority: Major
>
> See https://github.com/apache/hadoop/pull/6955 - but this is missing the
> necessary change to LICENSE-binary (which already has an out of date version
> for dnsjava).
> * CVE-2024-25638 https://github.com/advisories/GHSA-cfxw-4h78-h7fw
> * https://github.com/advisories/GHSA-mmwx-rj87-vfgr
> * https://github.com/advisories/GHSA-crjg-w57m-rqqf
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
