  1. Hadoop Common
  2. HADOOP-18311

Upgrade dependencies to address several CVEs


Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 3.3.3, 3.3.4
    • None
    • common

    Description

      The following CVEs can be addressed by upgrading dependencies within the build.  This includes a replacement of HTrace with a noop implementation.

      • CVE-2018-7489
      • CVE-2020-10663
      • CVE-2020-28491
      • CVE-2020-35490
      • CVE-2020-35491
      • CVE-2020-36518
      • PRISMA-2021-0182

      This addresses all of the CVEs from 3.3.3 except for ones that would require upgrading Netty to 4.x.  I'll be submitting a pull request for 3.3.4.

            People

              Unassigned
              svaughan Steve Vaughan
              Votes: 0
              Watchers: 5

                Time Tracking

                  Original Estimate: Not Specified
                  Remaining Estimate: 0h
                  Time Spent: 3h 10m