[HADOOP-17844] Upgrade JSON smart to 2.4.7 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.4.0, 3.2.3, 3.3.2
Fix Version/s: 3.4.0, 3.2.3, 3.3.2
Component/s: build, common
Labels:
- pull-request-available

Target Version/s:

3.4.0, 3.2.3, 3.3.2
Hadoop Flags:

Reviewed

Description

Currently we are using JSON Smart 2.4.2 version which is vulnerable to - CVE-2021-31684.

We can upgrade the version to 2.4.7 (2.4.5 or later).

Attachments

Issue Links

relates to

HADOOP-17885 Upgrade JSON smart to 1.3.3 on branch-2.10

Resolved

HADOOP-17633 Bump json-smart to 2.4.2 and nimbus-jose-jwt to 9.8 due to CVEs

Resolved

links to

GitHub Pull Request #3299

Activity

People

Assignee:: Renukaprasad C

Reporter:: Renukaprasad C

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 11/Aug/21 10:06

Updated:: 11/Feb/24 14:27

Resolved:: 14/Aug/21 11:32

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

1h 40m