Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
I'm not an expert on Kotlin but dependabot show these 2 CVEs with the version of kotlin-stdlib used in Hadoop.
kotlin-stlib 1.6.0 is the minimum version needed to fix both. It might be better to use latest v1.6 jar (currently 1.6.21) or even use latest jar altogether (currently 1.7.20).
Attachments
Issue Links
- is depended upon by
-
HADOOP-18837 Upgrade Okio to 3.4.0 due to CVE-2023-3635
- Resolved
- is related to
-
HADOOP-18890 remove okhttp usage
- Resolved
- links to
(1 links to)