[ https://issues.apache.org/jira/browse/RANGER-4884?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17870182#comment-17870182 ]

Bhavik Patel commented on RANGER-4884:
--------------------------------------

Thanks [~kokosing] for fixing the CVEs.

* Hadoop: As Madhan indicated, versions 3.3.5 and 3.3.6 of Hadoop have been 
available for some time. Is there a specific reason we have not updated to the 
latest version?
* Avro: Can you also update the assembly packaging file, for example: 
https://github.com/apache/ranger/blob/master/distro/src/main/assembly/kms.xml?
* snakeyaml: I believe this is used at runtime when audit to Elasticsearch 
(destination) is enabled. Have you validated this functionality?

> updated dependent library version: hadoop, aws sdk, avro, snakeyaml
> -------------------------------------------------------------------
>
>                 Key: RANGER-4884
>                 URL: https://issues.apache.org/jira/browse/RANGER-4884
>             Project: Ranger
>          Issue Type: Improvement
>          Components: Ranger
>    Affects Versions: 3.0.0, 2.5.0
>            Reporter: Madhan Neethiraj
>            Assignee: Grzegorz Kokosinski
>            Priority: Major
>             Fix For: 3.0.0
>
>
> This Jira tracks the following pull requests by [~kokosing]:
>  # [#363: Update hadoop to 3.3.4|https://github.com/apache/ranger/pull/363]
>  # [#364: Exclude all io.netty from hive-agent 
> tests|https://github.com/apache/ranger/pull/364]
>  # [#365: Update AWS SDK to 
> 1.12.765|https://github.com/apache/ranger/pull/365]
>  # [#366: Exclude avro dependency|https://github.com/apache/ranger/pull/366]
>  # [#367: Exclude snakeyaml dependency to avoid 
> CVEs|https://github.com/apache/ranger/pull/367]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
