[ 
https://issues.apache.org/jira/browse/HBASE-27731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Duo Zhang updated HBASE-27731:
------------------------------
    Fix Version/s: 3.0.0-alpha-4

> Upgrade commons-validator to version 1.7
> ----------------------------------------
>
>                 Key: HBASE-27731
>                 URL: https://issues.apache.org/jira/browse/HBASE-27731
>             Project: HBase
>          Issue Type: Task
>          Components: dependencies, security
>            Reporter: Wes Schuitema
>            Assignee: Wes Schuitema
>            Priority: Minor
>             Fix For: 3.0.0-alpha-4
>
>
> The current version of commons-validator (1.6) has a dependency on 
> commons-beanutils-1.9.2.jar; this dependency comes with two CVEs:
> - [CVE-2014-0114|https://nvd.nist.gov/vuln/detail/cve-2014-0114]
> - [CVE-2019-10086|https://nvd.nist.gov/vuln/detail/cve-2019-10086]
> With commons-validator version 1.7 these CVEs are no longer present.
> I've also checked the master branch for usages. The only location where 
> commons-validator is used is in org.apache.hadoop.hbase.zookeeper.ZKConfig 
> for validating IPv6 addresses.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
