[jira] [Created] (HADOOP-18212) hadoop-client-runtime latest version 3.3.2 has security issues

phoebe chen (Jira) Tue, 19 Apr 2022 16:20:05 -0700

phoebe chen created HADOOP-18212:
------------------------------------

             Summary: hadoop-client-runtime latest version 3.3.2 has security 
issues
                 Key: HADOOP-18212
                 URL: https://issues.apache.org/jira/browse/HADOOP-18212
             Project: Hadoop Common
          Issue Type: Improvement
            Reporter: phoebe chen



Currently in highest version of hadoop-client-runtime 3.3.2, there are 
following security vulnerabilities comes from dependencies:

com.fasterxml.jackson.core_jackson-databind in version 2.13.0, per 
[CVE-2020-36518|[https://nvd.nist.gov/vuln/detail/CVE-2020-36518],] need to be 
upgraded to 2.13.2.2.



commons-codec_commons-codec in version 1.11 per 
[issue|https://issues.apache.org/jira/browse/CODEC-134], need to be upgraded to 
1.13 or higher

Thanks.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org

[jira] [Created] (HADOOP-18212) hadoop-client-runtime latest version 3.3.2 has security issues

Reply via email to