[HADOOP-16676] Backport HADOOP-16152 to branch-3.2 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.2.1
Fix Version/s: 3.2.2
Component/s: common
Labels:
None

Target Version/s:

3.2.2

Description

Hello,

org.apache.hadoop:hadoop-common define the dependency to jetty-webapp and jetty-xml in version v9.3.24 with known CVE-2017-9735. Please can you upgrade to version 9.4.7 or higher?

+--- org.apache.hadoop:hadoop-client:3.2.1

+--- org.apache.hadoop:hadoop-common:3.2.1
+--- org.eclipse.jetty:jetty-webapp:9.3.24.v20180605
		+--- org.eclipse.jetty:jetty-xml:9.3.24.v20180605
		--- org.eclipse.jetty:jetty-servlet:9.3.24.v20180605

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-16676.branch-3.2.001.patch
05/Nov/19 22:41
15 kB
Siyao Meng
HADOOP-16676.branch-3.2.001.patch
05/Nov/19 17:32
24 kB
Siyao Meng
HADOOP-16676.branch-3.2.002.patch
07/Nov/19 23:13
14 kB
Siyao Meng

Issue Links

breaks

HBASE-26253 Backport HBASE-23834 to branch 2.3

Resolved

relates to

BIGTOP-3486 Fix version mismatch of Jetty between Hadoop and HBase

Resolved

HADOOP-16152 Upgrade Eclipse Jetty version to 9.4.x

Resolved

Activity

People

Assignee:: Siyao Meng

Reporter:: DW

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 30/Oct/19 14:23

Updated:: 03/Sep/21 10:28

Resolved:: 12/Nov/19 19:40