[
https://issues.apache.org/jira/browse/RANGER-4038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17927043#comment-17927043
]
Bhavik Patel commented on RANGER-4038:
--------------------------------------
# All the plugins communication related issues are fixed by after adding
"jersey*", "hk2*", "jakarta.*" and "jackson-module*" dependencies in the plugin
classpath at "ranger-plugin-classloader" dependency level.
# KMS service Test connection issues is fixed by adding "javassist-3.30.2-GA"
dependency in KMS classpath.
# hadoop key operation issue is fixed by updating AuthenticationFilter in
hadoop
"https://github.com/apache/hadoop/blob/branch-3.3.6/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L631";
> Upgrade spring framework and spring security versions
> -----------------------------------------------------
>
> Key: RANGER-4038
> URL: https://issues.apache.org/jira/browse/RANGER-4038
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Himanshu Maurya
> Priority: Major
>
> Pivotal Spring Framework up to (excluding) 6.0.0 suffers from a potential
> remote code execution (RCE) issue if used for Java deserialization of
> untrusted data. Depending on how the library is implemented within a product,
> this issue may or not occur, and authentication may be required.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
