You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@asterixdb.apache.org by "Hussain Towaileb (Jira)" <ji...@apache.org> on 2023/08/07 12:18:00 UTC

[jira] [Updated] (ASTERIXDB-3058) Remove jetty-util 9.4.48 manual overrides after upgrading hadoop to 3.3.6

     [ https://issues.apache.org/jira/browse/ASTERIXDB-3058?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hussain Towaileb updated ASTERIXDB-3058:
----------------------------------------
    Description: 
In issue https://issues.apache.org/jira/browse/ASTERIXDB-3057

jetty-util is excluded from hadoop 3.3.2 transitive dependencies and version 9.4.48 is imported manually to avoid existing CVEs. We should remove the manual overrides once we upgrade to hadoop 3.3.6 which addresses the CVEs.

 

Change:

[https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/17043]

 

  was:
In issue https://issues.apache.org/jira/browse/ASTERIXDB-3057

jetty-util is excluded from hadoop 3.3.2 transitive dependencies and version 9.4.48 is imported manually to avoid existing CVEs. We should remove the manual overrides once we upgrade to hadoop 3.3.4 which addresses the CVEs.

 

Change:

[https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/17043]

 


> Remove jetty-util 9.4.48 manual overrides after upgrading hadoop to 3.3.6
> -------------------------------------------------------------------------
>
>                 Key: ASTERIXDB-3058
>                 URL: https://issues.apache.org/jira/browse/ASTERIXDB-3058
>             Project: Apache AsterixDB
>          Issue Type: Task
>          Components: OTH - Other
>    Affects Versions: 0.9.9
>            Reporter: Hussain Towaileb
>            Assignee: Hussain Towaileb
>            Priority: Major
>             Fix For: 0.9.9
>
>
> In issue https://issues.apache.org/jira/browse/ASTERIXDB-3057
> jetty-util is excluded from hadoop 3.3.2 transitive dependencies and version 9.4.48 is imported manually to avoid existing CVEs. We should remove the manual overrides once we upgrade to hadoop 3.3.6 which addresses the CVEs.
>  
> Change:
> [https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/17043]
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)