[HBASE-27731] Upgrade commons-validator to version 1.7 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: dependencies, security
Labels:
None

Hadoop Flags:

Reviewed

Description

The current version of commons-validator (1.6) has a dependency on commons-beanutils-1.9.2.jar, this dependency comes with two CVEs:

CVE-2014-0114
CVE-2019-10086

With commons-validator version 1.7 these CVEs are no longer present.

I've also checked the master branch for usages. The only location where commons-validator is used is in org.apache.hadoop.hbase.zookeeper.ZKConfig for validating ipv6 addresses.

Attachments

Issue Links

links to

GitHub Pull Request #5116

Activity

People

Assignee:: Wes Schuitema

Reporter:: Wes Schuitema

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 17/Mar/23 16:50

Updated:: 22/Mar/23 19:29

Resolved:: 21/Mar/23 15:04