[jira] [Commented] (SENTRY-1997) Bump sqoop dependency version to 1.99.7

Colm O hEigeartaigh (JIRA) Sat, 28 Oct 2017 08:02:18 -0700

    [ 
https://issues.apache.org/jira/browse/SENTRY-1997?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16223562#comment-16223562
 ]


Colm O hEigeartaigh commented on SENTRY-1997:
---------------------------------------------

Looks like it was done by this fix:

https://issues.apache.org/jira/browse/SQOOP-2379
https://issues.apache.org/jira/secure/attachment/12737536/SQOOP-2379.3.patch

>From a Sentry POV, the checkResourceExists method should probably be skipped 
>if the resource is "*" or "all" depending on whether it is a job, link, 
>connector, etc. Is anyone at Sentry also involved with Sqoop? If so could they 
>raise the issue there?

Colm.


> Bump sqoop dependency version to 1.99.7
> ---------------------------------------
>
>                 Key: SENTRY-1997
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1997
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>    Affects Versions: 2.0.0
>            Reporter: kalyan kumar kalvagadda
>
> A CVE security issue exists on our current SQOOP dependency 1.99.7
> SeeCVE-2009-4269 (H),CVE-2005-4849 (H)
> We should bump the version to the latest one that is 1.99.7



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (SENTRY-1997) Bump sqoop dependency version to 1.99.7

Reply via email to