You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "David Quigley (Jira)" <ji...@apache.org> on 2022/02/02 23:19:00 UTC
[jira] (HADOOP-18108) is there any plan to fix the vulnerabilities in hadoop-common
[ https://issues.apache.org/jira/browse/HADOOP-18108 ]
David Quigley deleted comment on HADOOP-18108:
----------------------------------------
was (Author: JIRAUSER284557):
[~weichiu] I was looking into updating some of these dependencies and it wasn't clear where the hadoop-common build declares the version for its dependencies. Could you point me in the right direction.
> is there any plan to fix the vulnerabilities in hadoop-common
> -------------------------------------------------------------
>
> Key: HADOOP-18108
> URL: https://issues.apache.org/jira/browse/HADOOP-18108
> Project: Hadoop Common
> Issue Type: Wish
> Components: common
> Affects Versions: 3.3.1
> Reporter: Miguel Costa
> Priority: Major
>
> Hi all, I use a library that is using hadoop-commons as dependency in quite an old version.
> anyway I was trying to upgrate it to the latest version and found that still there, there are some problems in hadoop commons.
> I can see them even in maven
> [https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-common/3.3.1]
>
> [CVE-2022-23305|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305]
> [CVE-2022-23302|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302]
> [CVE-2021-4104|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104]
> [CVE-2021-36374|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36374]
> [CVE-2021-36090|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090]
> [CVE-2021-35516|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35516]
> [CVE-2021-34429|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34429]
> [CVE-2021-22569|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569]
> [CVE-2020-15522|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522]
>
> Anyway I'm definitely not an expert on this but is there plans to fix this vulnerabilities?
> Or is this library not to be used anymore and we need to migrate to something else?
> Thanks for any feedback
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org