Details
-
Task
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
Reviewed
Description
They have stopped patching the JDK 1.5 jars that Hadoop uses (see https://issues.apache.org/jira/browse/HADOOP-18540).
The new artifacts have similar names - but the names are like bcprov-jdk18on as opposed to bcprov-jdk15on.
CVE-2023-33201 is an example of a security issue that seems only to be fixed in the JDK 1.8 artifacts (ie no JDK 1.5 jar has the fix).
https://www.bouncycastle.org/releasenotes.html#r1rv77 latest current release but the CVE was fixed in 1.74.
Attachments
Issue Links
- relates to
-
HBASE-28714 Hadoop check for hadoop 3.4.0 is failing
- Resolved
-
HADOOP-18540 Upgrade Bouncy Castle to 1.70
- Resolved
- links to