[
https://issues.apache.org/jira/browse/HBASE-29861?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18057064#comment-18057064
]
Hudson commented on HBASE-29861:
--------------------------------
Results for branch master
[build #1404 on
builds.a.o|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/1404/]:
(x) *{color:red}-1 overall{color}*
----
details (if available):
(/) {color:green}+1 general checks{color}
-- For more information [see general
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/1404/General_20Nightly_20Build_20Report/]
(x) {color:red}-1 jdk17 hadoop3 checks{color}
-- For more information [see jdk17
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/1404/JDK17_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(x) {color:red}-1 jdk17 hadoop 3.3.5 backward compatibility checks{color}
-- For more information [see jdk17
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/1404/JDK17_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(x) {color:red}-1 jdk17 hadoop 3.3.6 backward compatibility checks{color}
-- For more information [see jdk17
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/1404/JDK17_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 jdk17 hadoop 3.4.0 backward compatibility checks{color}
-- For more information [see jdk17
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/1404/JDK17_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 jdk17 hadoop 3.4.1 backward compatibility checks{color}
-- For more information [see jdk17
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/1404/JDK17_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 source release artifact{color}
-- See build output for details.
(/) {color:green}+1 client integration test for 3.3.5 {color}
(/) {color:green}+1 client integration test for 3.3.6 {color}
(/) {color:green}+1 client integration test for 3.4.0 {color}
(/) {color:green}+1 client integration test for 3.4.1 {color}
(/) {color:green}+1 client integration test for 3.4.2 {color}
> Bump tar from 7.5.6 to 7.5.7 in /hbase-website
> ----------------------------------------------
>
> Key: HBASE-29861
> URL: https://issues.apache.org/jira/browse/HBASE-29861
> Project: HBase
> Issue Type: Task
> Components: website
> Reporter: Dávid Paksy
> Assignee: Dávid Paksy
> Priority: Major
> Labels: pull-request-available
> Fix For: 4.0.0-alpha-1
>
>
> h1. node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink
> Path Traversal
> h3. Summary
> node-tar contains a vulnerability where the security check for hardlink
> entries uses different path resolution semantics than the actual hardlink
> creation logic. This mismatch allows an attacker to craft a malicious TAR
> archive that bypasses path traversal protections and creates hardlinks to
> arbitrary files outside the extraction directory.
> [https://github.com/advisories/GHSA-34x7-hfp2-rc4v]
> [https://github.com/apache/hbase/security/dependabot/126]
> [https://github.com/apache/hbase/pull/7691]
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
