[jira] [Created] (HBASE-27731) Upgrade commons-validator to version 1.7

Wes Schuitema (Jira) Fri, 17 Mar 2023 09:51:54 -0700

Wes Schuitema created HBASE-27731:
-------------------------------------

             Summary: Upgrade commons-validator to version 1.7
                 Key: HBASE-27731
                 URL: https://issues.apache.org/jira/browse/HBASE-27731
             Project: HBase
          Issue Type: Task
            Reporter: Wes Schuitema
            Assignee: Wes Schuitema



The current version of commons-validator (1.6) has a dependency on 
commons-beanutils-1.9.2.jar, this dependency comes with two CVEs:
- [CVE-2014-0114|https://nvd.nist.gov/vuln/detail/cve-2014-0114]
- [CVE-2019-10086|https://nvd.nist.gov/vuln/detail/cve-2019-10086]

With commons-validator version 1.7 these CVEs are no longer present.

I've also checked the master branch for usages. The only location where 
commons-validator is used is in org.apache.hadoop.hbase.zookeeper.ZKConfig for 
validating ipv6 addresses.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (HBASE-27731) Upgrade commons-validator to version 1.7

Reply via email to