[ https://issues.apache.org/jira/browse/HADOOP-13198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Wang updated HADOOP-13198:
---------------------------------
Resolution: Fixed
Fix Version/s: 2.8.0
Status: Resolved (was: Patch Available)
Great! I've committed this to trunk, branch-2, branch-2.8. Thanks Mike for
finding and fixing this, and Larry for discussion and review.
We need to triage the current plugin output to determine what is safe to
ignore. Would one of you be interested in taking this one? Then we can put
together a wiki page and add it to the release steps.
> Add support for OWASP's dependency-check
> ----------------------------------------
>
> Key: HADOOP-13198
> URL: https://issues.apache.org/jira/browse/HADOOP-13198
> Project: Hadoop Common
> Issue Type: Improvement
> Components: build, security
> Affects Versions: 2.6.4
> Reporter: Mike Yoder
> Assignee: Mike Yoder
> Priority: Minor
> Fix For: 2.8.0
>
> Attachments: HADOOP-13198.001.patch,
> hadoop-all-dependency-check-report.html
>
>
> OWASP's Dependency-Check is a utility that identifies project
> dependencies and checks if there are any known, publicly disclosed,
> vulnerabilities.
> See https://www.owasp.org/index.php/OWASP_Dependency_Check
> This is very useful to stay on top of known vulnerabilities in third-party
> jars. Since it's a Maven plugin it's pretty easy to drop in.