You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "David Quigley (Jira)" <ji...@apache.org> on 2022/02/02 17:42:00 UTC

[jira] [Comment Edited] (HADOOP-18108) is there any plan to fix the vulnerabilities in hadoop-common

    [ https://issues.apache.org/jira/browse/HADOOP-18108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17485932#comment-17485932 ] 

David Quigley edited comment on HADOOP-18108 at 2/2/22, 5:41 PM:
-----------------------------------------------------------------

[~weichiu] I was looking into updating some of these dependencies and it wasn't clear where the hadoop-common build declares the version for its dependencies. Could you point me in the right direction.


was (Author: JIRAUSER284557):
[~weichiu] I looking into updating some of these dependencies and it wasn't clear where the hadoop-common build declares the version for its dependencies. Could you point me in the right direction.

> is there any plan to fix the vulnerabilities in hadoop-common
> -------------------------------------------------------------
>
>                 Key: HADOOP-18108
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18108
>             Project: Hadoop Common
>          Issue Type: Wish
>          Components: common
>    Affects Versions: 3.3.1
>            Reporter: Miguel Costa
>            Priority: Major
>
> Hi all, I use a library that is using hadoop-commons as dependency in quite an old version.
> anyway I was trying to upgrate it to the latest version and found that still there, there are some problems in hadoop commons.
> I can see them even in maven 
> [https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-common/3.3.1]
>  
> [CVE-2022-23305|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305]
> [CVE-2022-23302|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302]
> [CVE-2021-4104|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104]
> [CVE-2021-36374|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36374]
> [CVE-2021-36090|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090]
> [CVE-2021-35516|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35516]
> [CVE-2021-34429|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34429]
> [CVE-2021-22569|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569]
> [CVE-2020-15522|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522]
>  
> Anyway I'm definitely not an expert on this but is there plans to fix this vulnerabilities? 
> Or is this library not to be used anymore and we need to migrate to something else?
> Thanks for any feedback 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org