[HBASE-28249] Bump jruby to 9.3.13.0 and related joni and jcodings to 2.2.1 and 1.0.58 respectively - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.6.0, 3.0.0-beta-2
Component/s: jruby, security, shell
Labels:
None

Hadoop Flags:

Reviewed

Description

Given branch-2 including branch-2.6 is already on 9.3.9.0, we should bump to at least 9.3.13.0. This will fix the bundled org.bouncycastle : bcprov-jdk18on : 1.71 having CVE-2023-33201 from our classpath for the least.

As a follow up can try to bump to latest 9.4.x line. Otherwise I can try to work directly on HBASE-28250 as well, although this may not be straight forward and would require some good testing.

Please let me know what others think.

Attachments

Issue Links

is cloned by

HBASE-28250 Bump jruby to 9.4.5.0 and related joni and jcodings

Open

supercedes

HBASE-27921 Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 respectively

Resolved

links to

GitHub Pull Request #5568

Activity

People

Assignee:: Nihal Jain

Reporter:: Nihal Jain

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 07/Dec/23 09:40

Updated:: 04/Jan/24 07:04

Resolved:: 03/Jan/24 14:28