Now the version is 0.8.2.1 and it has net.jpountz.lz4:lz4:1.2.0 dependency, which is vulnerable. (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4611)
Let's upgrade.
- relates to
-
HADOOP-9991 Fix up Hadoop POMs, roll up JARs to latest versions
-
- Open
-
- links to