Skip to content

Commit c14d552

Browse files
hangc0276hangc0276
committed
upgrade hadoop version to 3.3.5 to resolve CVE-2019-10202 (#3896)
### Motivation There is a critical CVE-2019-10202 in `org.codehaus.jackson:jackson-mapper-asl` Detailed paths Introduced through: org.apache.distributedlog:[email protected] › org.apache.hadoop:[email protected] › org.apache.avro:[email protected] › org.codehaus.jackson:[email protected] Fix: No remediation path available. Introduced through: org.apache.distributedlog:[email protected] › org.apache.hadoop:[email protected] › com.sun.jersey:[email protected] › org.codehaus.jackson:[email protected] Fix: No remediation path available. Introduced through: org.apache.distributedlog:[email protected] › org.apache.hadoop:[email protected] › com.sun.jersey:[email protected] › org.codehaus.jackson:[email protected] › org.codehaus.jackson:[email protected] Fix: No remediation path available. Introduced through: org.apache.distributedlog:[email protected] › org.apache.hadoop:[email protected] › com.sun.jersey:[email protected] › org.codehaus.jackson:[email protected] › org.codehaus.jackson:[email protected] Fix: No remediation path available. ### Changes Upgrade hadoop-common version from 3.3.4 to 3.3.5 to resolve this CVE (cherry picked from commit 0171a40)
1 parent 9b5a810 commit c14d552

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

Diff for: pom.xml

+1-1
Original file line numberDiff line numberDiff line change
@@ -135,7 +135,7 @@
135135
<grpc.version>1.47.0</grpc.version>
136136
<guava.version>31.0.1-jre</guava.version>
137137
<kerby.version>1.1.1</kerby.version>
138-
<hadoop.version>3.3.4</hadoop.version>
138+
<hadoop.version>3.3.5</hadoop.version>
139139
<hamcrest.version>1.3</hamcrest.version>
140140
<hdrhistogram.version>2.1.10</hdrhistogram.version>
141141
<jackson.version>2.13.4.20221013</jackson.version>

0 commit comments

Comments
 (0)