Wes Schuitema created HBASE-27731: ------------------------------------- Summary: Upgrade commons-validator to version 1.7 Key: HBASE-27731 URL: https://issues.apache.org/jira/browse/HBASE-27731 Project: HBase Issue Type: Task Reporter: Wes Schuitema Assignee: Wes Schuitema
The current version of commons-validator (1.6) has a dependency on commons-beanutils-1.9.2.jar, this dependency comes with two CVEs: - [CVE-2014-0114|https://nvd.nist.gov/vuln/detail/cve-2014-0114] - [CVE-2019-10086|https://nvd.nist.gov/vuln/detail/cve-2019-10086] With commons-validator version 1.7 these CVEs are no longer present. I've also checked the master branch for usages. The only location where commons-validator is used is in org.apache.hadoop.hbase.zookeeper.ZKConfig for validating ipv6 addresses. -- This message was sent by Atlassian Jira (v8.20.10#820010)