[
https://issues.apache.org/jira/browse/HBASE-28249?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nihal Jain updated HBASE-28249:
-------------------------------
Hadoop Flags: Reviewed
Resolution: Fixed
Status: Resolved (was: Patch Available)
Pushed to branch-2.6+
Thanks for the review [~chrajeshbab...@gmail.com]
> Bump jruby to 9.3.13.0 and related joni and jcodings to 2.2.1 and 1.0.58
> respectively
> -------------------------------------------------------------------------------------
>
> Key: HBASE-28249
> URL: https://issues.apache.org/jira/browse/HBASE-28249
> Project: HBase
> Issue Type: Task
> Components: jruby, security, shell
> Reporter: Nihal Jain
> Assignee: Nihal Jain
> Priority: Major
> Fix For: 2.6.0, 3.0.0-beta-2
>
>
> Given branch-2 including branch-2.6 is already on 9.3.9.0, we should bump to
> at least 9.3.13.0. This will fix the bundled *org.bouncycastle :
> bcprov-jdk18on : 1.71* having
> [CVE-2023-33201|https://nvd.nist.gov/vuln/detail/CVE-2023-33201] from our
> classpath for the least.
> As a follow up can try to bump to latest 9.4.x line. Otherwise I can try to
> work directly on HBASE-28250 as well, although this may not be straight
> forward and would require some good testing.
> Please let me know what others think.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
