[jira] [Resolved] (HBASE-27817) Migrate javax.el:3.0.1-b08 to jakarta.el-4.0.2

Nihal Jain (Jira) Tue, 10 Sep 2024 09:06:00 -0700


     [ 
https://issues.apache.org/jira/browse/HBASE-27817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Nihal Jain resolved HBASE-27817.
--------------------------------
    Resolution: Won't Fix

We have fixed this indirectly via HBASE-28070!

> Migrate javax.el:3.0.1-b08 to jakarta.el-4.0.2
> ----------------------------------------------
>
>                 Key: HBASE-27817
>                 URL: https://issues.apache.org/jira/browse/HBASE-27817
>             Project: HBase
>          Issue Type: Task
>    Affects Versions: 3.0.0-alpha-4, 2.5.5, 2.4.18
>            Reporter: Wes Schuitema
>            Priority: Trivial
>
> The javax.el artifact contains a CVE: [CVE-2021-28170. 
> |https://nvd.nist.gov/vuln/detail/CVE-2021-28170]The CVE itself is not a big 
> issue since we're pre-compiling our JSP pages when building HBase, no user 
> input is parsed which reduces the risk considerably.
> The org.glassfish:javax.el artifact was moved to org.glassfish:jakarta.el, 
> which means a migration to get rid of the CVE.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (HBASE-27817) Migrate javax.el:3.0.1-b08 to jakarta.el-4.0.2

Reply via email to