[ https://issues.apache.org/jira/browse/HDFS-16777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17615998#comment-17615998 ]

ASF GitHub Bot commented on HDFS-16777:
---------------------------------------

hadoop-yetus commented on PR #5003:
URL: https://github.com/apache/hadoop/pull/5003#issuecomment-1275063806

:confetti_ball: **+1 overall**

| Vote | Subsystem | Runtime |  Logfile | Comment |
|:----:|----------:|--------:|:--------:|:-------:|
| +0 :ok: |  reexec  |   0m 48s |  |  Docker mode activated.  |
|||| _ Prechecks _ |
| +1 :green_heart: |  dupname  |   0m  0s |  |  No case conflicting files found.  |
| +0 :ok: |  codespell  |   0m  0s |  |  codespell was not available.  |
| +0 :ok: |  detsecrets  |   0m  1s |  |  detect-secrets was not available.  |
| +0 :ok: |  jshint  |   0m  1s |  |  jshint was not available.  |
| +0 :ok: |  shelldocs  |   0m  1s |  |  Shelldocs was not available.  |
| +1 :green_heart: |  @author  |   0m  0s |  |  The patch does not contain any @author tags.  |
|||| _ trunk Compile Tests _ |
| +0 :ok: |  mvndep  |  15m 56s |  |  Maven dependency ordering for branch  |
| +1 :green_heart: |  mvninstall  |  26m  8s |  |  trunk passed  |
| +1 :green_heart: |  shadedclient  |  19m 19s |  |  branch has no errors when building and testing our client artifacts.  |
|||| _ Patch Compile Tests _ |
| +0 :ok: |  mvndep  |   0m 27s |  |  Maven dependency ordering for patch  |
| +1 :green_heart: |  mvninstall  |  23m 29s |  |  the patch passed  |
| +1 :green_heart: |  blanks  |   0m  0s |  |  The patch has no blanks issues.  |
| +1 :green_heart: |  shellcheck  |   0m  0s |  |  No new issues.  |
| +1 :green_heart: |  shadedclient  |  19m 47s |  |  patch has no errors when building and testing our client artifacts.  |
|||| _ Other Tests _ |
| +1 :green_heart: |  asflicense  |   0m 51s |  |  The patch does not generate ASF License warnings.  |
|  |   | 109m 14s |  |  |

| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5003/1/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/hadoop/pull/5003 |
| Optional Tests | dupname asflicense shadedclient codespell detsecrets jshint shellcheck shelldocs |
| uname | Linux d0a673cf72c1 4.15.0-191-generic #202-Ubuntu SMP Thu Aug 4 01:49:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/bin/hadoop.sh |
| git revision | trunk / 94687937ad060af083f146683bb199ec2bbc259e |
| Max. process+thread count | 755 (vs. ulimit of 5500) |
| modules | C: hadoop-hdfs-project/hadoop-hdfs . U: . |
| Console output | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5003/1/console |
| versions | git=2.25.1 maven=3.6.3 shellcheck=0.7.0 |
| Powered by | Apache Yetus 0.14.0 https://yetus.apache.org |

This message was automatically generated.

> [email protected]  sonatype-2020-0988 vulnerability
> ----------------------------------------------------
>
>                 Key: HDFS-16777
>                 URL: https://issues.apache.org/jira/browse/HDFS-16777
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: ui
>    Affects Versions: 3.3.4
>            Reporter: Eugene Shinn (Truveta)
>            Assignee: Ashutosh Gupta
>            Priority: Major
>              Labels: pull-request-available
>
> Our static analysis security tool detected that HDFS's UI currently includes a vulnerable version of datatables detected by Sonatype (sonatype-2020-0988). From the vulnerability description:
> _"The `datatables.net` package is vulnerable to Prototype Pollution. The `setData` function in `jquery.dataTables.js` fails to protect prototype attributes when objects are created during the application's execution. A remote attacker can exploit this to modify the behavior of object prototypes which, depending on their use in the application, may result in a Denial of Service (DoS), Remote Code Execution (RCE), or other unexpected execution flow."_
> This issue was addressed in v1.11.5 (ref: [Fix: Protect developers from inadvertently introducing prototype pol… · DataTables/Dist-DataTables@e2e19ea (github.com)|https://github.com/DataTables/Dist-DataTables/commit/e2e19eac7e5a6f140d7eefca5c7deba165b357eb#diff-e7d8309f017dd2ef6385fa8cdc1539a2R2765]).
> N.B. this issue was also detected within the YARN UI.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
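The quoted advisory describes a nested-key data setter that can be steered onto `Object.prototype`. As an added illustration of the check such a setter needs (this is not DataTables' `setData` nor the 1.11.5 fix; it assumes a simplified dotted-path syntax only), the following guard refuses any path segment that names a prototype and gives a defender a way to confirm nothing leaked into the global prototype:

```javascript
// Added example, not DataTables code: a simplified dotted-path setter of the
// kind the advisory describes, hardened so no path can reach a prototype.
// Assumes paths like "row.name"; DataTables' real syntax is richer.
const UNSAFE_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// Return every path segment that would address a prototype rather than a
// plain data field, so the caller can reject or log the row before storing it.
function findUnsafeSegments(path) {
  return path.split('.').filter((seg) => UNSAFE_SEGMENTS.has(seg));
}

// Write `value` at dotted `path` inside `target`, creating intermediate plain
// objects as needed. Throws instead of writing when any segment is unsafe.
function safeSetData(target, path, value) {
  const unsafe = findUnsafeSegments(path);
  if (unsafe.length > 0) {
    throw new Error(
      `refusing data path "${path}": segment(s) ${unsafe.join(', ')} would modify a prototype`
    );
  }
  const segments = path.split('.');
  let node = target;
  for (let i = 0; i < segments.length - 1; i++) {
    const seg = segments[i];
    // Only descend into own, object-valued properties; never follow inherited ones.
    const own = Object.prototype.hasOwnProperty.call(node, seg);
    if (!own || typeof node[seg] !== 'object' || node[seg] === null) {
      node[seg] = {};
    }
    node = node[seg];
  }
  node[segments[segments.length - 1]] = value;
  return target;
}

// Defender-side check: a freshly created object must not inherit `probe`.
// If it does, something has already written through to Object.prototype.
function prototypeIsClean(probe) {
  return !(probe in {});
}
```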
