Posted to issues@ratis.apache.org by "Tsz Wo Nicholas Sze (JIRA)" <ji...@apache.org> on 2018/08/07 18:27:01 UTC
[jira] [Created] (RATIS-294) Fix ratis-hadoop CVEs
Tsz Wo Nicholas Sze created RATIS-294:
-----------------------------------------
Summary: Fix ratis-hadoop CVEs
Key: RATIS-294
URL: https://issues.apache.org/jira/browse/RATIS-294
Project: Ratis
Issue Type: Improvement
Components: HadoopRPC
Reporter: Tsz Wo Nicholas Sze
There are multiple CVEs found in ratis-hadoop.
- CVE-2012-4449 | High | org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
- CVE-2016-5001 | Low | org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
- CVE-2017-3161 | Medium | org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
- CVE-2017-3162 | High | org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
It is very likely that the CVEs come from the Hadoop dependency. We should either update the Hadoop version or temporarily remove the Hadoop dependency in order to fix the CVEs.