[HADOOP-14100] Upgrade Jsch jar to latest version to fix vulnerability in old versions - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.7.3, 2.6.5
Fix Version/s: 2.9.0, 2.7.4, 3.0.0-alpha4, 2.8.2
Component/s: None
Labels:
None

Target Version/s:

2.7.4
Hadoop Flags:

Reviewed

Description

Recently there was on vulnerability reported on jsch library. Its fixed in latest 0.1.54 version before CVE was made public.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5725

So, need to upgrade jsch to latest 0.1.54 version.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-14100-01.patch
21/Feb/17 06:16
0.5 kB
Vinayakumar B
HADOOP-14100-branch-2.7.patch
09/May/17 06:00
0.5 kB
Brahma Reddy Battula

Issue Links

causes

HADOOP-15900 Update JSch versions in LICENSE.txt

Resolved

is depended upon by

HADOOP-9991 Fix up Hadoop POMs, roll up JARs to latest versions

Open

is duplicated by

HDFS-14309 name node fail over failed with ssh fence failed because of jsch login failed with key check

Resolved

relates to

HADOOP-11515 Upgrade jsch lib to jsch-0.1.51 to avoid problems running on java7

Resolved

Activity

People

Assignee:: Vinayakumar B

Reporter:: Vinayakumar B

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 21/Feb/17 06:05

Updated:: 25/Feb/19 06:08

Resolved:: 09/May/17 16:49