Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-15970

Upgrade plexus-utils from 2.0.5 to 3.1.0

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0.4, 3.3.0, 3.1.2, 3.2.1
    • Component/s: security
    • Labels:
      None

      Description

      Apache Hadoop uses plexus-utils 2.0.5 and it is vulnerable.
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000487

      Let's update the version or remove the usage of this library.

        Attachments

        1. HADOOP-15970.01.patch
          0.8 kB
          Akira Ajisaka

          Activity

            People

            • Assignee:
              aajisaka Akira Ajisaka
              Reporter:
              aajisaka Akira Ajisaka
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: