[
https://issues.apache.org/jira/browse/RANGER-4807?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17861078#comment-17861078
]
wangzhongwei commented on RANGER-4807:
--------------------------------------
Hi [~ferarribas] ,
Thanks for your review,From the dependency tree of ranger, we can see that
guava is dependent on hadoop-common, and the version is 27.0-jre, hadoop
version is 3.3.3 ,the dependecy tree:
!image-2024-07-01-15-17-54-668.png|width=619,height=224!
hadoop version is 3.3.0 ,the dependecy tree:
!image-2024-07-01-15-12-33-802.png|width=627,height=167!
hadoop-shaded-guava does not changes version of guava.
> Upgrade Hadoop to 3.3.3
> -----------------------
>
> Key: RANGER-4807
> URL: https://issues.apache.org/jira/browse/RANGER-4807
> Project: Ranger
> Issue Type: Bug
> Components: admin, plugins, usersync
> Affects Versions: 2.2.0, 2.3.0, 2.4.0
> Reporter: wangzhongwei
> Assignee: wangzhongwei
> Priority: Major
> Attachments: RANGER-4807-1.patch, RANGER-4807.patch,
> image-2024-07-01-15-11-18-321.png, image-2024-07-01-15-12-33-802.png,
> image-2024-07-01-15-17-54-668.png
>
>
> Upgrade Hadoop3.3.0 to 3.3.3 to fix
> https://nvd.nist.gov/vuln/detail/CVE-2022-25168
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
