Posted to issues@hbase.apache.org by "Rajeshbabu Chintaguntla (Jira)" <ji...@apache.org> on 2023/01/27 17:51:00 UTC

[jira] [Commented] (HBASE-27586) Bump up commons-codec to 1.15

    [ https://issues.apache.org/jira/browse/HBASE-27586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17681421#comment-17681421 ] 

Rajeshbabu Chintaguntla commented on HBASE-27586:
-------------------------------------------------

Thanks for committing [~zhangduo].

> Bump up commons-codec to 1.15
> -----------------------------
>
>                 Key: HBASE-27586
>                 URL: https://issues.apache.org/jira/browse/HBASE-27586
>             Project: HBase
>          Issue Type: Bug
>          Components: dependencies, security
>            Reporter: Rajeshbabu Chintaguntla
>            Assignee: Rajeshbabu Chintaguntla
>            Priority: Major
>             Fix For: 2.6.0, 3.0.0-alpha-4, 2.4.17, 2.5.4
>
>
> commons-codec 1.15 has a proper fix for a few CVEs which may not affect HBase, but it is better to upgrade to ensure compliance.
> Ex: While [a fix|https://github.com/apache/commons-codec/commit/48b615756d1d770091ea3322eefc08011ee8b113] was earlier made to {{commons-codec:commons-codec}} version 1.13, it was later found out to be incomplete. A [complete fix|https://github.com/apache/commons-codec/pull/29] exists in version 1.14 and that is the version users should upgrade to.


