Tsz Wo Nicholas Sze created RATIS-294: -----------------------------------------
Summary: Fix ratis-hadoop CVEs Key: RATIS-294 URL: https://issues.apache.org/jira/browse/RATIS-294 Project: Ratis Issue Type: Improvement Components: HadoopRPC Reporter: Tsz Wo Nicholas Sze There are multiple CVEs found in ratis-hadoop. - CVE-2012-4449 | High org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT - CVE-2016-5001 | Low org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT - CVE-2017-3161 | Medium org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT - CVE-2017-3162 | High org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT It is very likely that the CVEs come from the Hadoop dependency. We should either update the Hadoop version or temporarily remove Hadoop dependency in order to fix the CVEs. -- This message was sent by Atlassian JIRA (v7.6.3#76005)