[ https://issues.apache.org/jira/browse/TEZ-4426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
László Bodor updated TEZ-4426: ------------------------------ Fix Version/s: 0.10.2 > [CVE-2018-1000620] Upgrade cryptiles version from 2.0.5 to 4.1.2 to fix > vulnerability > ------------------------------------------------------------------------------------- > > Key: TEZ-4426 > URL: https://issues.apache.org/jira/browse/TEZ-4426 > Project: Apache Tez > Issue Type: Sub-task > Reporter: Aman Raj > Assignee: Aman Raj > Priority: Major > Fix For: 0.10.2 > > Time Spent: 1h 10m > Remaining Estimate: 0h > > Versions of {{cryptiles}} prior to 4.1.2 are vulnerable to Insufficient > Entropy. The {{randomDigits()}} method does not provide sufficient entropy > and its generates digits that are not evenly distributed. -- This message was sent by Atlassian Jira (v8.20.7#820007)