[HADOOP-18101] Bump aliyun-sdk-oss to 3.13.2 and jdom2 to 2.0.6.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.4.0
Fix Version/s: 3.4.0
Component/s: build, common
Labels:
- pull-request-available

Target Version/s:

3.4.0
Hadoop Flags:

Reviewed

Description

The current aliyun-sdk-oss 3.13.0 is affected by CVE-2021-33813 due to jdom 2.0.6. maven-shade-plugin is also affected by the CVE.

Bumping aliyun-sdk-oss to 3.13.2 and jdom2 to 2.0.6.1 will resolve this issue

[INFO] +- org.apache.maven.plugins:maven-shade-plugin:jar:3.2.1:provided
[INFO] |  +- org.apache.maven.shared:maven-artifact-transfer:jar:0.10.0:provided
[INFO] |  +- org.jdom:jdom2:jar:2.0.6:provided
......
[INFO] +- com.aliyun.oss:aliyun-sdk-oss:jar:3.13.1:compile
[INFO] |  +- org.jdom:jdom2:jar:2.0.6:compile

Attachments

Issue Links

links to

GitHub Pull Request #3951

Activity

People

Assignee:: Aswin Shakil

Reporter:: Aswin Shakil

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 01/Feb/22 00:08

Updated:: 11/Feb/24 23:31

Resolved:: 03/Feb/22 23:52

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 10m