[
https://issues.apache.org/jira/browse/HADOOP-15970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Akira Ajisaka updated HADOOP-15970:
-----------------------------------
Resolution: Fixed
Fix Version/s: 3.2.1
3.1.2
3.3.0
3.0.4
Status: Resolved (was: Patch Available)
Committed this to trunk, branch-3.2, branch-3.1, and branch-3.0. Thanks
[[email protected]]!
> Upgrade plexus-utils from 2.0.5 to 3.1.0
> ----------------------------------------
>
> Key: HADOOP-15970
> URL: https://issues.apache.org/jira/browse/HADOOP-15970
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Akira Ajisaka
> Assignee: Akira Ajisaka
> Priority: Major
> Fix For: 3.0.4, 3.3.0, 3.1.2, 3.2.1
>
> Attachments: HADOOP-15970.01.patch
>
>
> Apache Hadoop uses plexus-utils 2.0.5 and it is vulnerable.
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000487
> Let's update the version or remove the usage of this library.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
