You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Velmurugan Periasamy (JIRA)" <ji...@apache.org> on 2016/05/20 22:30:13 UTC

[jira] [Commented] (RANGER-839) Update httpcomponent dependencies

    [ https://issues.apache.org/jira/browse/RANGER-839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15294400#comment-15294400 ] 

Velmurugan Periasamy commented on RANGER-839:
---------------------------------------------

Reopening to address NPE from hadoop key commands to KMS. Need https://issues.apache.org/jira/browse/HADOOP-12767

> Update httpcomponent dependencies
> ---------------------------------
>
>                 Key: RANGER-839
>                 URL: https://issues.apache.org/jira/browse/RANGER-839
>             Project: Ranger
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Assignee: Sailaja Polavarapu
>            Priority: Minor
>             Fix For: 0.6.0
>
>         Attachments: 0001-RANGER-839-Update-httpcomponent-dependencies.patch
>
>
> The httpcomponent dependencies in Ranger should be updated due to a number of CVE advisories:
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3577
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5262
> The patch contains the following dependency updates:
> httpcomponents.httpclient.version: 4.2.5 ==> 4.5.1
> httpcomponents.httpcore.version: 4.2.5 ==> 4.4.3
> httpcomponents.httpmime.version: 4.2.5 ==> 4.5.1



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)