You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by Steve Loughran <st...@hortonworks.com> on 2018/10/17 12:35:54 UTC
github reporting transient JAR risks
FYI, I got email from github today telling me that we need to bump up httpclient
Begin forwarded message:
From: GitHub <no...@github.com>>
Subject: [steveloughran/hadoop-trunk] One of your dependencies may have a security vulnerability
Date: 17 October 2018 at 01:13:30 BST
To: steveloughran/hadoop-trunk <ha...@noreply.github.com>>
Cc: Security alert <se...@noreply.github.com>>
Reply-To: steveloughran/hadoop-trunk <no...@github.com>>
[GitHub]<https://github.com/> Sign in<https://github.com/login>
steveloughran,
We found a potential security vulnerability in a repository for which you have been granted security alert access.
[@steveloughran] steveloughran/hadoop-trunk<https://github.com/steveloughran/hadoop-trunk>
Known moderate severity security vulnerability detected in org.apache.httpcomponents:httpclient < 4.3.6 defined in pom.xml<https://github.com/steveloughran/hadoop-trunk/blob/stevel/HADOOP-8545-swift/hadoop-project/pom.xml>.
pom.xml<https://github.com/steveloughran/hadoop-trunk/blob/stevel/HADOOP-8545-swift/hadoop-project/pom.xml> update suggested: org.apache.httpcomponents:httpclient ~> 4.3.6.
Always verify the validity and compatibility of suggestions with your codebase.
Review vulnerable dependency<https://github.com/steveloughran/hadoop-trunk/network/alert/hadoop-project/pom.xml/org.apache.httpcomponents:httpclient/open>
________________________________
Only users who have been assigned access to security alerts will receive these notifications.
Unsubscribe <https://github.com/notifications/unsubscribe-vulnerability/AAJ5KtMbNOecIR9rUT2OmXqf3co8yS8Tks5ulnYpgaJpZM4Xirdg> · Email preferences<https://github.com/settings/emails> · Terms<https://help.github.com/articles/github-terms-of-service/> · Privacy<https://help.github.com/articles/github-privacy-policy/> · Sign into GitHub<https://github.com/login>
GitHub, Inc.
88 Colin P Kelly Jr St.
San Francisco, CA 94107