[jira] [Commented] (TEZ-4083) Upgrade to latest 9.4.x Jetty version

Siyao Meng (Jira) Thu, 24 Oct 2019 15:12:12 -0700


    [ 
https://issues.apache.org/jira/browse/TEZ-4083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16959261#comment-16959261
 ]


Siyao Meng commented on TEZ-4083:
---------------------------------

[~abstractdog] FYI if upgrading Hadoop dependency version is the only way to 
go, only Hadoop trunk (3.3.0-SNAPSHOT) has it at the moment since HADOOP-16152 
is committed.

> Upgrade to latest 9.4.x Jetty version
> -------------------------------------
>
>                 Key: TEZ-4083
>                 URL: https://issues.apache.org/jira/browse/TEZ-4083
>             Project: Apache Tez
>          Issue Type: Improvement
>            Reporter: Daniel Velasquez
>            Assignee: László Bodor
>            Priority: Major
>         Attachments: TEZ-4083.01.patch
>
>
> Jetty 9.3.24.v20180605 has security vulnerabilities where the server is 
> vulnerable to XSS conditions.
> [https://www.cvedetails.com/cve/CVE-2019-10241/]
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (TEZ-4083) Upgrade to latest 9.4.x Jetty version

Reply via email to