Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
Reviewed
Description
There are some vulnerabilities reported with two of the libraries used in HBase.
Jruby(version:9.1.10.0): CVE-2009-5147 CVE-2013-4363 CVE-2014-4975 CVE-2014-8080 CVE-2014-8090 CVE-2015-3900 CVE-2015-7551 CVE-2015-9096 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14064 CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228
Tool somehow able to relate the vulnerability of Ruby with JRuby(Java implementation). (Jackson will be handled in a different issue.)
Not all of them directly affects HBase but elserj suggested that it is better to be on the updated version to avoid issues during an audit in security sensitive organization.
Attachments
Attachments
Issue Links
- is related to
-
HBASE-20598 Upgrade to JRuby 9.2
- Closed
-
MENFORCER-300 Enforcer somewhat is too sensitive
- Closed