[
https://issues.apache.org/jira/browse/IMPALA-11197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17511932#comment-17511932
]
ASF subversion and git services commented on IMPALA-11197:
----------------------------------------------------------
Commit aa404b856f182e381f1d40b55dc568d87828d2ec in impala's branch
refs/heads/master from Joe McDonnell
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=aa404b8 ]
IMPALA-11197/IMPALA-11149: Address CVEs in pac4j/xmlsec
This upgrades pac4j and several of its dependencies
(including xmlsec) to address CVEs in those components.
Specifically:
- pac4j 4.5.5 addresses CVE-2021-44878
- xmlsec 2.2.3 addresses CVE-2021-40690
- bcprov 1.68 addresses CVE-2020-15522
This also upgrade springframework to 5.2.9.RELEASE to
match the version for pac4j 4.5.5.
Testing:
- Ran core job
Change-Id: I8421d867dd0fce8eeaa6bc13a511ca3e8dd05723
Reviewed-on: http://gerrit.cloudera.org:8080/18348
Reviewed-by: Csaba Ringhofer <[email protected]>
Tested-by: Joe McDonnell <[email protected]>
> Upgrade pac4j to 4.5.5 to address CVEs
> --------------------------------------
>
> Key: IMPALA-11197
> URL: https://issues.apache.org/jira/browse/IMPALA-11197
> Project: IMPALA
> Issue Type: Task
> Components: Infrastructure
> Reporter: Joe McDonnell
> Priority: Major
>
> Impala has a dependency on pac4j, which recently found a vulnerability
> (CVE-2021-44878). This vulnerability has been addressed in 4.5.5. We should
> upgrade to get this fix.
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
