You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Akira Ajisaka (Jira)" <ji...@apache.org> on 2022/02/21 09:50:00 UTC

[jira] [Updated] (HADOOP-17633) Bump json-smart to 2.4.2 and nimbus-jose-jwt to 9.8 due to CVEs

     [ https://issues.apache.org/jira/browse/HADOOP-17633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Akira Ajisaka updated HADOOP-17633:
-----------------------------------
    Summary: Bump json-smart to 2.4.2 and nimbus-jose-jwt to 9.8 due to CVEs  (was: Please upgrade json-smart dependency to the latest version)

> Bump json-smart to 2.4.2 and nimbus-jose-jwt to 9.8 due to CVEs
> ---------------------------------------------------------------
>
>                 Key: HADOOP-17633
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17633
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: auth, build
>    Affects Versions: 3.3.0, 3.2.1, 3.2.2, 3.4.0
>            Reporter: helen huang
>            Assignee: Viraj Jasani
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.3.1, 3.4.0, 3.2.3
>
>          Time Spent: 4h 20m
>  Remaining Estimate: 0h
>
> Please upgrade the json-smart dependency to the latest version available.
> Currently hadoop-auth is using version 2.3. Fortify scan picked up a security issue with this version. Please upgrade to the latest version. 
> Thanks!
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org