[
https://issues.apache.org/jira/browse/HBASE-27586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rajeshbabu Chintaguntla updated HBASE-27586:
--------------------------------------------
Description:
commons-codec 1.15 has proper fix of few CVEs which may not effect in HBase but
better to upgrade to ensure compliance.
Ex: While [a
fix|https://github.com/apache/commons-codec/commit/48b615756d1d770091ea3322eefc08011ee8b113]
was earlier made to {{commons-codec:commons-codec}} version 1.13, it was later
found out to be incomplete. A [complete
fix|https://github.com/apache/commons-codec/pull/29] exists in version 1.14 and
that is the version users should upgrade to.
was:
commons-codec 1.15 has proper fix of few CVEs which may not effect in HBase but
better to upgrade to ensure compliance.
Ex: ** While [a
fix|https://github.com/apache/commons-codec/commit/48b615756d1d770091ea3322eefc08011ee8b113]
was earlier made to {{commons-codec:commons-codec}} version 1.13, it was later
found out to be incomplete. A [complete
fix|https://github.com/apache/commons-codec/pull/29] exists in version 1.14 and
that is the version users should upgrade to.
> Bump up commons-codec to 1.15
> -----------------------------
>
> Key: HBASE-27586
> URL: https://issues.apache.org/jira/browse/HBASE-27586
> Project: HBase
> Issue Type: Bug
> Reporter: Rajeshbabu Chintaguntla
> Assignee: Rajeshbabu Chintaguntla
> Priority: Major
> Fix For: 2.6.0, 3.0.0-alpha-4, 2.5.4
>
>
> commons-codec 1.15 has proper fix of few CVEs which may not effect in HBase
> but better to upgrade to ensure compliance.
> Ex: While [a
> fix|https://github.com/apache/commons-codec/commit/48b615756d1d770091ea3322eefc08011ee8b113]
> was earlier made to {{commons-codec:commons-codec}} version 1.13, it was
> later found out to be incomplete. A [complete
> fix|https://github.com/apache/commons-codec/pull/29] exists in version 1.14
> and that is the version users should upgrade to.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
