You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@bookkeeper.apache.org by "hangc0276 (via GitHub)" <gi...@apache.org> on 2023/03/29 02:14:41 UTC

[GitHub] [bookkeeper] hangc0276 opened a new pull request, #3896: upgrade hadoop version to 3.3.5 to resolve CVE-2019-10202

hangc0276 opened a new pull request, #3896:
URL: https://github.com/apache/bookkeeper/pull/3896

   ### Motivation
   There is a critical CVE-2019-10202 in `org.codehaus.jackson:jackson-mapper-asl`
   
   Detailed paths
   Introduced through: org.apache.distributedlog:dlfs@4.16.0-SNAPSHOT › org.apache.hadoop:hadoop-common@3.3.4 › org.apache.avro:avro@1.7.7 › org.codehaus.jackson:jackson-mapper-asl@1.9.2
   Fix: No remediation path available.
   Introduced through: org.apache.distributedlog:dlfs@4.16.0-SNAPSHOT › org.apache.hadoop:hadoop-common@3.3.4 › com.sun.jersey:jersey-json@1.19 › org.codehaus.jackson:jackson-mapper-asl@1.9.2
   Fix: No remediation path available.
   Introduced through: org.apache.distributedlog:dlfs@4.16.0-SNAPSHOT › org.apache.hadoop:hadoop-common@3.3.4 › com.sun.jersey:jersey-json@1.19 › org.codehaus.jackson:jackson-jaxrs@1.9.2 › org.codehaus.jackson:jackson-mapper-asl@1.9.2
   Fix: No remediation path available.
   Introduced through: org.apache.distributedlog:dlfs@4.16.0-SNAPSHOT › org.apache.hadoop:hadoop-common@3.3.4 › com.sun.jersey:jersey-json@1.19 › org.codehaus.jackson:jackson-xc@1.9.2 › org.codehaus.jackson:jackson-mapper-asl@1.9.2
   Fix: No remediation path available.
   
   ### Changes
   Upgrade hadoop-common version from 3.3.4 to 3.3.5 to resolve this CVE


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [bookkeeper] hangc0276 merged pull request #3896: Upgrade hadoop version to 3.3.5 to resolve CVE-2019-10202

Posted by "hangc0276 (via GitHub)" <gi...@apache.org>.

hangc0276 merged PR #3896:
URL: https://github.com/apache/bookkeeper/pull/3896


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org