[
https://issues.apache.org/jira/browse/RANGER-4807?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17860837#comment-17860837
]
FerArribas commented on RANGER-4807:
------------------------------------
Hi [~zhongwei11],
Why not use hadoop-shaded-guava 1.2.0 which has no vulnerabilities? Version
1.1.1 has as dependency com.google.guava:guava:30.1.1-jre which has these
issues:
CVE-2023-2976
CVE-2020-8908
Thanks
> Upgrade Hadoop to 3.3.3
> -----------------------
>
> Key: RANGER-4807
> URL: https://issues.apache.org/jira/browse/RANGER-4807
> Project: Ranger
> Issue Type: Bug
> Components: admin, plugins, usersync
> Affects Versions: 2.2.0, 2.3.0, 2.4.0
> Reporter: wangzhongwei
> Assignee: wangzhongwei
> Priority: Major
> Attachments: RANGER-4807-1.patch, RANGER-4807.patch
>
>
> Upgrade Hadoop3.3.0 to 3.3.3 to fix
> https://nvd.nist.gov/vuln/detail/CVE-2022-25168
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
