[ https://issues.apache.org/jira/browse/HADOOP-17844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Akira Ajisaka resolved HADOOP-17844. ------------------------------------ Fix Version/s: 3.3.2 3.2.3 3.4.0 Hadoop Flags: Reviewed Resolution: Fixed Committed to trunk, branch-3.3, branch-3.2, and branch-3.2.3. > Upgrade JSON smart to 2.4.7 > --------------------------- > > Key: HADOOP-17844 > URL: https://issues.apache.org/jira/browse/HADOOP-17844 > Project: Hadoop Common > Issue Type: Bug > Reporter: Renukaprasad C > Assignee: Renukaprasad C > Priority: Major > Labels: pull-request-available > Fix For: 3.4.0, 3.2.3, 3.3.2 > > Time Spent: 1h 20m > Remaining Estimate: 0h > > Currently we are using JSON Smart 2.4.2 version which is vulnerable to - > CVE-2021-31684. > We can upgrade the version to 2.4.7 (2.4.5 or later). -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org