[jira] [Created] (HADOOP-18763) Upgrade aws-java-sdk to 1.12.367+

Steve Loughran (Jira) Fri, 09 Jun 2023 03:51:06 -0700

Steve Loughran created HADOOP-18763:
---------------------------------------


             Summary: Upgrade aws-java-sdk to 1.12.367+
                 Key: HADOOP-18763
                 URL: https://issues.apache.org/jira/browse/HADOOP-18763
             Project: Hadoop Common
          Issue Type: Sub-task
          Components: fs/s3
    Affects Versions: 3.3.5
            Reporter: Steve Loughran



aws sdk bundle < 1.12.367 uses a vulnerable versions of netty which is pulling 
in high severity CVE and creating unhappiness in security scans, even if s3a 
doesn't use that lib. 

The safe version for netty is netty:4.1.86.Final and this is used by 
aws-java-adk:1.12.367+



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org

[jira] [Created] (HADOOP-18763) Upgrade aws-java-sdk to 1.12.367+

Reply via email to