[HADOOP-16690] Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Done
Affects Version/s: 3.2.1
Fix Version/s: None
Component/s: auth
Labels:
None

Description

Apache Hadoop Auth org.apache.hadoop:hadoop-auth:3.2.1 define dependency to com.nimbusds:nimbus-jose-jwt:4.41.1. There is a known security vulnerability for nimbus-jose-jwt: CVE-2019-17195. Can you upgrade to v7.9 or higher?

Attachments

Issue Links

relates to

AVRO-3111 Update Hadoop versions to prevent false-positive security reports

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: DW

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 07/Nov/19 16:22

Updated:: 16/Apr/21 06:56

Resolved:: 15/May/20 01:21