[ https://issues.apache.org/jira/browse/HADOOP-19578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18008766#comment-18008766 ]
ASF GitHub Bot commented on HADOOP-19578: ----------------------------------------- steveloughran commented on code in PR #7707: URL: https://github.com/apache/hadoop/pull/7707#discussion_r2219761321 ########## hadoop-tools/hadoop-azure/src/test/java/org/apache/hadoop/fs/azurebfs/ITestAzureBlobFileSystemMainOperation.java: ########## @@ -50,16 +50,6 @@ public void setUp() throws Exception { fSys = binding.getFileSystem(); } - @AfterEach - @Override Review Comment: again, cut. even if it isn't needed ########## hadoop-cloud-storage-project/hadoop-huaweicloud/pom.xml: ########## @@ -94,6 +94,23 @@ </plugin> </plugins> </build> + <dependencyManagement> + <dependencies> + <! > Upgrade com.huaweicloud:esdk-obs-java for CVE-2023-3635 > ------------------------------------------------------- > > Key: HADOOP-19578 > URL: https://issues.apache.org/jira/browse/HADOOP-19578 > Project: Hadoop Common > Issue Type: Improvement > Components: cloud-storage, huaweicloud > Affects Versions: 3.3.6, 3.4.1 > Reporter: Yaniv Kunda > Priority: Major > Labels: pull-request-available > > The {{com.huaweicloud:esdk-obs-java}} dependency , used exclusively by the > {{hadoop-huaweicloud}} uses {{com.squareup.okio:okio:1.17.2}} which has > [CVE-2023-3635|https://nvd.nist.gov/vuln/detail/cve-2023-3635]. > Upgrading it will use a newer fixed version of {{okio}}, which will mitigate > the vulnerability. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org