You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/04/20 21:00:46 UTC

[GitHub] [pulsar] nicoloboschi opened a new pull request, #15242: [fix][security] Upgrade hadoop-client to 3.3.2 to get rid of CVE-2022-26612

nicoloboschi opened a new pull request, #15242:
URL: https://github.com/apache/pulsar/pull/15242

   ### Motivation
   Hadoop-client 3.3.1 has an CVE with a critical vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-26612  
   
   ### Modifications
   
   * Upgrade hadoop-client to from 3.3.1 to 3.3.2 (latest)
   
   - [x] `no-need-doc` 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] nicoloboschi commented on pull request #15242: [fix][security] Upgrade hadoop-client to 3.3.2 to get rid of CVE-2022-26612

Posted by GitBox <gi...@apache.org>.

nicoloboschi commented on PR #15242:
URL: https://github.com/apache/pulsar/pull/15242#issuecomment-1104518156

   my bad. the upgrade doesn't fix the vulnerability. the CVE fix is still on early stage https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] nicoloboschi closed pull request #15242: [fix][security] Upgrade hadoop-client to 3.3.2 to get rid of CVE-2022-26612

Posted by GitBox <gi...@apache.org>.

nicoloboschi closed pull request #15242: [fix][security] Upgrade hadoop-client to 3.3.2 to get rid of CVE-2022-26612
URL: https://github.com/apache/pulsar/pull/15242


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org