You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apex.apache.org by th...@apache.org on 2018/05/16 13:43:17 UTC
[apex-core] branch master updated: APEXCORE-815 Whitelist
CVE-2016-6811
This is an automated email from the ASF dual-hosted git repository.
thw pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apex-core.git
The following commit(s) were added to refs/heads/master by this push:
new 805aba3 APEXCORE-815 Whitelist CVE-2016-6811
805aba3 is described below
commit 805aba30b5b84e39cf6dda8c6d5a805a3c880c60
Author: Vlad Rozov <vr...@apache.org>
AuthorDate: Tue May 15 10:52:20 2018 -0700
APEXCORE-815 Whitelist CVE-2016-6811
---
dependency-check-whitelist.xml | 3 +++
docs/application_development.md | 3 ++-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/dependency-check-whitelist.xml b/dependency-check-whitelist.xml
index 700c986..a8c4fbc 100644
--- a/dependency-check-whitelist.xml
+++ b/dependency-check-whitelist.xml
@@ -20,4 +20,7 @@
-->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+ <suppress>
+ <cve>CVE-2016-6811</cve>
+ </suppress>
</suppressions>
diff --git a/docs/application_development.md b/docs/application_development.md
index 6bfa3fd..f3398e2 100644
--- a/docs/application_development.md
+++ b/docs/application_development.md
@@ -695,7 +695,8 @@ submitted to the Hadoop cluster and executes as a multi-processapplication on
Before you start deploying, testing and troubleshooting your
application on a cluster, you should ensure that Hadoop (version 2.6.0
or later) is properly installed and
-you have basic skills for working with it.
+you have basic skills for working with it. Due to a known vulnerability in Apache Yarn, Apex community
+recommends Hadoop version 2.7.4 or later.
------------------------------------------------------------------------
--
To stop receiving notification emails like this one, please contact
thw@apache.org.