[RATIS-294] Fix ratis-hadoop CVEs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.3.0
Component/s: HadoopRPC
Labels:
- ozone

Target Version/s:

0.3.0

Description

There are multiple CVEs found in ratis-hadoop.

CVE-2012-4449 | High org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
CVE-2016-5001 | Low org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
CVE-2017-3161 | Medium org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
CVE-2017-3162 | High org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT

It is very likely that the CVEs come from the Hadoop dependency. We should either update the Hadoop version or temporarily remove Hadoop dependency in order to fix the CVEs.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

r294_20180921.patch
21/Sep/18 20:41
0.4 kB
Tsz-wo Sze

Activity

People

Assignee:: Tsz-wo Sze

Reporter:: Tsz-wo Sze

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 07/Aug/18 18:26

Updated:: 28/Sep/18 17:33

Resolved:: 28/Sep/18 17:33