[
https://issues.apache.org/jira/browse/HBASE-26894?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17516367#comment-17516367
]
Andrew Kyle Purtell edited comment on HBASE-26894 at 4/2/22 6:50 PM:
---------------------------------------------------------------------
Denial of service attack is important to fix but not Critical IMHO. It would be
more of an issue for us if we had XML parsing over untrusted user input as a
consideration. Except for the REST gateway, I don't think we do. (I should
audit that...) Reducing priority to default. We should definitely fix it,
though. Change it back if you disagree.
was (Author: apurtell):
Denial of service attack is important to fix but not Critical IMHO. Reducing
priority to default. We should definitely fix it, though. Change it back if you
disagree.
> Use new hbase-thirdparty and jackson 2.13.2.1 due to CVE-2020-36518
> -------------------------------------------------------------------
>
> Key: HBASE-26894
> URL: https://issues.apache.org/jira/browse/HBASE-26894
> Project: HBase
> Issue Type: Task
> Components: dependencies
> Reporter: Duo Zhang
> Priority: Major
>
> https://github.com/FasterXML/jackson-databind/issues/2816
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
