[jira] [Updated] (HBASE-27921) Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 respectively
[ https://issues.apache.org/jira/browse/HBASE-27921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Duo Zhang updated HBASE-27921: -- Fix Version/s: (was: 3.0.0-beta-1) Resolution: Duplicate Status: Resolved (was: Patch Available) Resolve as duplicated by HBASE-28249. Thanks [~sercan.tekin] for raising the issue and PR. > Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 > respectively > > > Key: HBASE-27921 > URL: https://issues.apache.org/jira/browse/HBASE-27921 > Project: HBase > Issue Type: Bug >Affects Versions: 3.0.0-alpha-4 >Reporter: Sercan Tekin >Priority: Major > Labels: jruby, security, shell > > Current version of *jruby* (9.3.9.0) has snakeyaml dependency version 1.33. > {code:java} > > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar > {code} > *snakeyaml-1.33* has a critical CVE > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] > {*}jruby-complete-9.4.2{*}{*}.0{*} uses {*}snakeyaml-engine-2.6{*}. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HBASE-27921) Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 respectively
[ https://issues.apache.org/jira/browse/HBASE-27921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sercan Tekin updated HBASE-27921: - Description: Current version of *jruby* (9.3.9.0) has snakeyaml dependency version 1.33. {code:java} > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar {code} *snakeyaml-1.33* has a critical CVE [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] {*}jruby-complete-9.4.2{*}{*}.0{*} uses {*}snakeyaml-engine-2.6{*}. was: Current version of *jruby* (9.3.9.0) has snakeyaml dependency version 1.33. {code:java} > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar {code} *snakeyaml-1.33* has a critical CVE [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] *jruby-complete-9.3.11.0* uses {*}snakeyaml-engine-2.6{*}. > Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 > respectively > > > Key: HBASE-27921 > URL: https://issues.apache.org/jira/browse/HBASE-27921 > Project: HBase > Issue Type: Bug >Affects Versions: 3.0.0-alpha-4 >Reporter: Sercan Tekin >Priority: Major > Labels: jruby, security, shell > Fix For: 3.0.0-beta-1 > > > Current version of *jruby* (9.3.9.0) has snakeyaml dependency version 1.33. > {code:java} > > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar > {code} > *snakeyaml-1.33* has a critical CVE > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] > {*}jruby-complete-9.4.2{*}{*}.0{*} uses {*}snakeyaml-engine-2.6{*}. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HBASE-27921) Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 respectively
[ https://issues.apache.org/jira/browse/HBASE-27921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sercan Tekin updated HBASE-27921: - Summary: Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 respectively (was: Bump up jruby to 9.3.11.0 and related joni and jcodings to 2.2.1 and 1.0.58 respectively) > Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 > respectively > > > Key: HBASE-27921 > URL: https://issues.apache.org/jira/browse/HBASE-27921 > Project: HBase > Issue Type: Bug >Affects Versions: 3.0.0-alpha-4 >Reporter: Sercan Tekin >Priority: Major > Labels: jruby, security, shell > Fix For: 3.0.0-beta-1 > > > Current version of *jruby* (9.3.9.0) has snakeyaml dependency version 1.33. > {code:java} > > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar > {code} > *snakeyaml-1.33* has a critical CVE > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] > *jruby-complete-9.3.11.0* uses {*}snakeyaml-engine-2.6{*}. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HBASE-27921) Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 respectively
[ https://issues.apache.org/jira/browse/HBASE-27921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sercan Tekin updated HBASE-27921: - Fix Version/s: 3.0.0-beta-1 > Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 > respectively > > > Key: HBASE-27921 > URL: https://issues.apache.org/jira/browse/HBASE-27921 > Project: HBase > Issue Type: Bug >Affects Versions: 3.0.0-alpha-4 >Reporter: Sercan Tekin >Priority: Major > Labels: jruby, security, shell > Fix For: 3.0.0-beta-1 > > > Current version of *jruby* (9.3.9.0) has snakeyaml dependency version 1.33. > {code:java} > > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar > {code} > *snakeyaml-1.33* has a critical CVE > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] > *jruby-complete-9.4.2.0* uses {*}snakeyaml-engine-2.6{*}. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HBASE-27921) Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 respectively
[ https://issues.apache.org/jira/browse/HBASE-27921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sercan Tekin updated HBASE-27921: - Affects Version/s: (was: 2.5.4) > Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 > respectively > > > Key: HBASE-27921 > URL: https://issues.apache.org/jira/browse/HBASE-27921 > Project: HBase > Issue Type: Bug >Affects Versions: 3.0.0-alpha-4 >Reporter: Sercan Tekin >Priority: Major > Labels: jruby, security, shell > > Current version of *jruby* (9.3.9.0) has snakeyaml dependency version 1.33. > {code:java} > > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar > {code} > *snakeyaml-1.33* has a critical CVE > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] > *jruby-complete-9.4.2.0* uses {*}snakeyaml-engine-2.6{*}. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HBASE-27921) Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 respectively
[ https://issues.apache.org/jira/browse/HBASE-27921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sercan Tekin updated HBASE-27921: - Affects Version/s: 2.5.4 3.0.0-alpha-4 > Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 > respectively > > > Key: HBASE-27921 > URL: https://issues.apache.org/jira/browse/HBASE-27921 > Project: HBase > Issue Type: Bug >Affects Versions: 3.0.0-alpha-4, 2.5.4 >Reporter: Sercan Tekin >Priority: Major > Labels: jruby, security, shell > > Current version of *jruby* (9.3.9.0) has snakeyaml dependency version 1.33. > {code:java} > > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar > {code} > *snakeyaml-1.33* has a critical CVE > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] > *jruby-complete-9.4.2.0* uses {*}snakeyaml-engine-2.6{*}. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HBASE-27921) Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 respectively
[ https://issues.apache.org/jira/browse/HBASE-27921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sercan Tekin updated HBASE-27921: - Status: Patch Available (was: Open) > Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 > respectively > > > Key: HBASE-27921 > URL: https://issues.apache.org/jira/browse/HBASE-27921 > Project: HBase > Issue Type: Bug >Reporter: Sercan Tekin >Priority: Major > Labels: jruby, security, shell > > Current version of *jruby* (9.3.9.0) has snakeyaml dependency version 1.33. > {code:java} > > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar > {code} > *snakeyaml-1.33* has a critical CVE > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] > *jruby-complete-9.4.2.0* uses {*}snakeyaml-engine-2.6{*}. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HBASE-27921) Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 respectively
[ https://issues.apache.org/jira/browse/HBASE-27921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sercan Tekin updated HBASE-27921: - Labels: jruby security shell (was: ) > Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 > respectively > > > Key: HBASE-27921 > URL: https://issues.apache.org/jira/browse/HBASE-27921 > Project: HBase > Issue Type: Bug >Reporter: Sercan Tekin >Priority: Major > Labels: jruby, security, shell > > Current version of *jruby* (9.3.9.0) has snakeyaml dependency version 1.33. > {code:java} > > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar > {code} > *snakeyaml-1.33* has a critical CVE > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] > *jruby-complete-9.4.2.0* uses {*}snakeyaml-engine-2.6{*}. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HBASE-27921) Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 respectively
[ https://issues.apache.org/jira/browse/HBASE-27921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sercan Tekin updated HBASE-27921: - Description: Current version of *jruby* (9.3.9.0) has snakeyaml dependency version 1.33. {code:java} > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar {code} *snakeyaml-1.33* has a critical CVE [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] *jruby-complete-9.4.2.0* uses {*}snakeyaml-engine-2.6{*}. was: Current version of `jruby` (9.3.9.0) has snakeyaml dependency version 1.33. {code:java} > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar {code} `snakeyaml-1.33` has a critical CVE [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] `jruby-complete-9.4.2.0` uses `snakeyaml-engine-2.6`. > Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 > respectively > > > Key: HBASE-27921 > URL: https://issues.apache.org/jira/browse/HBASE-27921 > Project: HBase > Issue Type: Bug >Reporter: Sercan Tekin >Priority: Major > > Current version of *jruby* (9.3.9.0) has snakeyaml dependency version 1.33. > {code:java} > > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar > {code} > *snakeyaml-1.33* has a critical CVE > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] > *jruby-complete-9.4.2.0* uses {*}snakeyaml-engine-2.6{*}. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HBASE-27921) Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 respectively
[ https://issues.apache.org/jira/browse/HBASE-27921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sercan Tekin updated HBASE-27921: - Description: Current version of `jruby` (9.3.9.0) has snakeyaml dependency version 1.33. {code:java} > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar {code} `snakeyaml-1.33` has a critical CVE [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] `jruby-complete-9.4.2.0` uses `snakeyaml-engine-2.6`. was: Current version of `jruby` (9.3.9.0) has snakeyaml dependency version 1.33. {code:java} > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar {code} `snakeyaml-1.33` has a critical CVE [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] jruby > Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 > respectively > > > Key: HBASE-27921 > URL: https://issues.apache.org/jira/browse/HBASE-27921 > Project: HBase > Issue Type: Bug >Reporter: Sercan Tekin >Priority: Major > > Current version of `jruby` (9.3.9.0) has snakeyaml dependency version 1.33. > {code:java} > > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar > {code} > `snakeyaml-1.33` has a critical CVE > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] > `jruby-complete-9.4.2.0` uses `snakeyaml-engine-2.6`. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HBASE-27921) Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 respectively
[ https://issues.apache.org/jira/browse/HBASE-27921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sercan Tekin updated HBASE-27921: - Description: Current version of `jruby` (9.3.9.0) has snakeyaml dependency version 1.33. {code:java} > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar {code} `snakeyaml-1.33` has a critical CVE [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] jruby was:Current version of > Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 > respectively > > > Key: HBASE-27921 > URL: https://issues.apache.org/jira/browse/HBASE-27921 > Project: HBase > Issue Type: Bug >Reporter: Sercan Tekin >Priority: Major > > Current version of `jruby` (9.3.9.0) has snakeyaml dependency version 1.33. > {code:java} > > find ./jruby-complete-9.3.9.0/ -name "*snakeyaml*" > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml > ./jruby-complete-9.3.9.0/META-INF/jruby.home/lib/ruby/stdlib/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar > {code} > `snakeyaml-1.33` has a critical CVE > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] > jruby -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HBASE-27921) Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 respectively
[ https://issues.apache.org/jira/browse/HBASE-27921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sercan Tekin updated HBASE-27921: - Description: Current version of > Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 > respectively > > > Key: HBASE-27921 > URL: https://issues.apache.org/jira/browse/HBASE-27921 > Project: HBase > Issue Type: Bug >Reporter: Sercan Tekin >Priority: Major > > Current version of -- This message was sent by Atlassian Jira (v8.20.10#820010)