Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-18212

hadoop-client-runtime latest version 3.3.2 has security issues

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 3.3.2
    • 3.3.3
    • build
    • None

    Description

      Currently in highest version of hadoop-client-runtime 3.3.2, there are following security vulnerabilities comes from dependencies:

      com.fasterxml.jackson.core_jackson-databind in version 2.13.0, per [CVE-2020-36518|https://nvd.nist.gov/vuln/detail/CVE-2020-36518,] need to be upgraded to 2.13.2.2.

      commons-codec_commons-codec in version 1.11 per CODEC-134, need to be upgraded to 1.13 or higher

      Thanks.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-18178 Upgrade jackson to 2.13.2 and jackson-databind to 2.13.2.2. CVE-2020-36518

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-17341 Upgrade commons-codec to 1.15

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          Is contained by

          Task - A task that needs to be done. HADOOP-18198 Release Hadoop 3.3.3: hadoop-3.3.2 with some fixes

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              phoebemaomao phoebe chen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: