Miguel Costa created HADOOP-18108:
-------------------------------------
Summary: is there any plan to fix the vulnerabilities in
hadoop-common
Key: HADOOP-18108
URL: https://issues.apache.org/jira/browse/HADOOP-18108
Project: Hadoop Common
Issue Type: Wish
Components: common
Affects Versions: 3.3.1
Reporter: Miguel Costa
Hi all, I use a library that is using hadoop-commons as dependency in quite an
old version.
anyway I was trying to upgrate it to the latest version and found that still
there, there are some problems in hadoop commons.
I can see them even in maven
[https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-common/3.3.1]
[CVE-2022-23305|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305]
[CVE-2022-23302|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302]
[CVE-2021-4104|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104]
[CVE-2021-36374|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36374]
[CVE-2021-36090|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090]
[CVE-2021-35516|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35516]
[CVE-2021-34429|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34429]
[CVE-2021-22569|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569]
[CVE-2020-15522|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522]
Anyway I'm definitely not an expert on this but is there plans to fix this
vulnerabilities?
Or is this library not to be used anymore and we need to migrate to something
else?
Thanks for any feedback
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org
