Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-18496

upgrade kotlin-stdlib due to CVEs

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • None

    Description

      I'm not an expert on Kotlin but dependabot show these 2 CVEs with the version of kotlin-stdlib used in Hadoop.

      kotlin-stlib 1.6.0 is the minimum version needed to fix both. It might be better to use latest v1.6 jar (currently 1.6.21) or even use latest jar altogether (currently 1.7.20).

       

      Attachments

        Issue Links

          is depended upon by

          Task - A task that needs to be done. HADOOP-18837 Upgrade Okio to 3.4.0 due to CVE-2023-3635

          • Major - Major loss of function.
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-18890 remove okhttp usage

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #5035

          Web Link GitHub Pull Request #5139

          Web Link GitHub Pull Request #5140

          Web Link GitHub Pull Request #6057

          Activity

            People

              Unassigned Unassigned
              pj.fanning PJ Fanning
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: