[
https://issues.apache.org/jira/browse/CAMEL-18246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17562182#comment-17562182
]
Alex Dettinger commented on CAMEL-18246:
So indeed, the update to hadoop-common 2.10.2 is breaking the hbase tests, plus
we are not sure whether it's really safer
(https://issues.apache.org/jira/browse/HADOOP-18317).
However, it should be possible to upgrade the hadoop3-version to 3.3.3:
https://github.com/apache/camel/pull/7970
> CVE-2022-26612: Upgrade hadoop-common >= 2.10.2, 3.3.3
> --
>
> Key: CAMEL-18246
> URL: https://issues.apache.org/jira/browse/CAMEL-18246
> Project: Camel
> Issue Type: Dependency upgrade
>Reporter: Alex Dettinger
>Assignee: Alex Dettinger
>Priority: Major
> Fix For: 3.18.1, 3.19.0
>
>
> It relates to
> [CAMEL-QUAKRUS-3763|https://github.com/apache/camel-quarkus/issues/3763]
> where hbase and hdfs are affected by
> |CVE-2022-26612|https://nvd.nist.gov/vuln/detail/CVE-2022-26612].
> According to HADOOP-18155, we need to upgrade to
> org.apache.hadoop:hadoop-common >= 2.10.2, 3.2.3, 3.3.3, 3.4.0.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
