[
https://issues.apache.org/jira/browse/APEXCORE-815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16476255#comment-16476255
]
ASF GitHub Bot commented on APEXCORE-815:
-----------------------------------------
vrozov opened a new pull request #601: APEXCORE-815 Whitelist CVE-2016-6811
URL: https://github.com/apache/apex-core/pull/601
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Whitelist CVE-2016-6811
> -----------------------
>
> Key: APEXCORE-815
> URL: https://issues.apache.org/jira/browse/APEXCORE-815
> Project: Apache Apex Core
> Issue Type: Task
> Reporter: Vlad Rozov
> Assignee: Vlad Rozov
> Priority: Major
> Fix For: 4.0.0
>
>
> There is an old vulnerability in Yarn version 2.7.3 and below (please see
> [CVE-2016-6811|https://www.cvedetails.com/cve/CVE-2016-6811]) that was
> recently marked as severity 9 and now it breaks Apex build. Based on my
> analysis, the vulnerability affects Yarn cluster itself (see
> [YARN-5121|https://issues.apache.org/jira/browse/YARN-5121]).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
