[
https://issues.apache.org/jira/browse/RANGER-4884?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17870193#comment-17870193
]
Grzegorz Kokosinski commented on RANGER-4884:
---------------------------------------------
[~bpatel] Thank you for feeedback. I didn't notice newer version of hadoop and
kmx.xml file before. Thank you for pointing this out. Here is a PR to fix that:
[https://github.com/apache/ranger/pull/370]
In regards to snakeyaml and elasticsearch. I haven't and I didn't know it is
the case. Somehow I assumed that CI would expose things like that. Also do you
think it is possible to update snakeyaml to version 2.0 for this case? The
older version of snakeyaml is full of CVEs.
> updated dependent library version: hadoop, aws sdk, avro, snakeyaml
> -------------------------------------------------------------------
>
> Key: RANGER-4884
> URL: https://issues.apache.org/jira/browse/RANGER-4884
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Affects Versions: 3.0.0, 2.5.0
> Reporter: Madhan Neethiraj
> Assignee: Grzegorz Kokosinski
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> This Jira tracks following pull requests by [~kokosing]:
> # [#363: Update hadoop to 3.3.4|https://github.com/apache/ranger/pull/363]
> # [#364: Exclude all io.netty from hive-agent
> tests|https://github.com/apache/ranger/pull/364]
> # [#365: Update AWS SDK to
> 1.12.765|https://github.com/apache/ranger/pull/365]
> # [#366: Exclude avro dependency|https://github.com/apache/ranger/pull/366]
> # [#367: Exclude snakeyaml dependency to avoid
> CVEs|https://github.com/apache/ranger/pull/367]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
