Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
3.3.3, 3.3.4
-
None
Description
The following CVEs can be addressed by upgrading dependencies within the build. This includes a replacement of HTrace with a noop implementation.
- CVE-2018-7489
- CVE-2020-10663
- CVE-2020-28491
- CVE-2020-35490
- CVE-2020-35491
- CVE-2020-36518
- PRISMA-2021-0182
This addresses all of the CVEs from 3.3.3 except for ones that would require upgrading Netty to 4.x. I'll be submitting a pull request for 3.3.4.
Attachments
Issue Links
- is a parent of
-
YARN-11199 Replace htrace-core with hbase-noop-htrace for CVE-2018-7489, CVE-2020-35491, CVE-2020-35490, and CVE-2020-36518
- Open
- is depended upon by
-
HADOOP-18305 Release Hadoop 3.3.4: minor update of hadoop-3.3.3
- Resolved
- links to