You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Wes Schuitema (Jira)" <ji...@apache.org> on 2023/04/26 13:09:00 UTC

[jira] [Created] (HBASE-27817) Migrate javax.el:3.0.1-b08 to jakarta.el-4.0.2

Wes Schuitema created HBASE-27817:
-------------------------------------

             Summary: Migrate javax.el:3.0.1-b08 to jakarta.el-4.0.2
                 Key: HBASE-27817
                 URL: https://issues.apache.org/jira/browse/HBASE-27817
             Project: HBase
          Issue Type: Task
    Affects Versions: 3.0.0-alpha-4, 2.5.5, 2.4.18
            Reporter: Wes Schuitema


The javax.el artifact contains a CVE: [CVE-2021-28170. |https://nvd.nist.gov/vuln/detail/CVE-2021-28170]The CVE itself is not a big issue since we're pre-compiling our JSP pages when building HBase, no user input is parsed which reduces the risk considerably.

The org.glassfish:javax.el artifact was moved to org.glassfish:jakarta.el, which means a migration to get rid of the CVE.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)