[ https://issues.apache.org/jira/browse/RANGER-4038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17950170#comment-17950170 ]
Bhavik Patel commented on RANGER-4038:
--------------------------------------

Thanks [~kokosing] for volunteering on this feature.

From the Ranger Spring support with current patch, Ranger KMS functionality is broken and we need the fix from the Hadoop team to fix the code. As while migrating to jakarta packages, the setStatus method expects only one argument.

[https://github.com/apache/hadoop/blob/branch-3.3.6/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L631]

I have requested one of the Hadoop contributors to provide a patch for the same. If possible, can you also check with a Hadoop committer/PMC member to work on this.

Apart from that, we need a few changes at the Ranger KMS end to fix the KMS functionality.

Ranger version upgrade is also broken; that also requires a fix.

> Upgrade spring framework and spring security versions
> -----------------------------------------------------
>
>                 Key: RANGER-4038
>                 URL: https://issues.apache.org/jira/browse/RANGER-4038
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Himanshu Maurya
>            Priority: Major
>
> Pivotal Spring Framework up to (excluding) 6.0.0 suffers from a potential
> remote code execution (RCE) issue if used for Java deserialization of
> untrusted data. Depending on how the library is implemented within a product,
> this issue may or may not occur, and authentication may be required.