Wes Schuitema created HBASE-27817:
-------------------------------------
Summary: Migrate javax.el:3.0.1-b08 to jakarta.el-4.0.2
Key: HBASE-27817
URL: https://issues.apache.org/jira/browse/HBASE-27817
Project: HBase
Issue Type: Task
Affects Versions: 3.0.0-alpha-4, 2.5.5, 2.4.18
Reporter: Wes Schuitema
The javax.el artifact contains a CVE: [CVE-2021-28170.
|https://nvd.nist.gov/vuln/detail/CVE-2021-28170]The CVE itself is not a big
issue since we're pre-compiling our JSP pages when building HBase, no user
input is parsed which reduces the risk considerably.
The org.glassfish:javax.el artifact was moved to org.glassfish:jakarta.el,
which means a migration to get rid of the CVE.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
