Tsz Wo Nicholas Sze created RATIS-294:
-----------------------------------------

             Summary: Fix ratis-hadoop CVEs
                 Key: RATIS-294
                 URL: https://issues.apache.org/jira/browse/RATIS-294
             Project: Ratis
          Issue Type: Improvement
          Components: HadoopRPC
            Reporter: Tsz Wo Nicholas Sze


There are multiple CVEs found in ratis-hadoop.
- CVE-2012-4449  |  High  |  org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
- CVE-2016-5001  |  Low  |  org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
- CVE-2017-3161  |  Medium  |  org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
- CVE-2017-3162  |  High  |  org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT

It is very likely that the CVEs come from the Hadoop dependency. We should
either update the Hadoop version or temporarily remove the Hadoop dependency in
order to fix the CVEs.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
