[
https://issues.apache.org/jira/browse/PARQUET-2338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17758777#comment-17758777
]
jincongho commented on PARQUET-2338:
------------------------------------
[[email protected]] Yes, the commit is correct. It's just not been released
yet, maybe a 1.13.2 soon?
> CVE-2022-25168 in hadoop-common
> -------------------------------
>
> Key: PARQUET-2338
> URL: https://issues.apache.org/jira/browse/PARQUET-2338
> Project: Parquet
> Issue Type: Bug
> Components: parquet-hadoop
> Affects Versions: 1.13.1
> Reporter: jincongho
> Priority: Major
>
> [CVE-2022-25168|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25168]
> requires updating hadoop-common to 3.2.4 or 3.3.3.
> Although `FileUtils.untar` isnt used inparquet-hadoop, will appreciate if we
> can release a new parquet-hadoop soon with these newer version. Otherwise
> parquet-hadoop will be flagged as security concern too.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
