DW created HADOOP-16676: --------------------------- Summary: Security Vulnerability for dependency jetty-xml -please upgrade Key: HADOOP-16676 URL: https://issues.apache.org/jira/browse/HADOOP-16676 Project: Hadoop Common Issue Type: Bug Components: common Affects Versions: 3.2.1 Reporter: DW
Hello, org.apache.hadoop:hadoop-common define the dependency to jetty-webapp and jetty-xml in version v9.3.24 with known CVE-2017-9735. Please can you upgrade to version 9.4.7 or higher? +--- org.apache.hadoop:hadoop-client:3.2.1 | +--- org.apache.hadoop:hadoop-common:3.2.1 | +--- org.eclipse.jetty:jetty-webapp:9.3.24.v20180605 | | | +--- org.eclipse.jetty:jetty-xml:9.3.24.v20180605 | | | \--- org.eclipse.jetty:jetty-servlet:9.3.24.v20180605 (*) -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org