[jira] [Work logged] (HADOOP-18309) Upgrade bundled Tomcat to 8.5.76 or higher

Tue, 21 Jun 2022 03:49:06 -0700 


     [ 
https://issues.apache.org/jira/browse/HADOOP-18309?focusedWorklogId=783319&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-783319
 ]

ASF GitHub Bot logged work on HADOOP-18309:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 21/Jun/22 10:48
            Start Date: 21/Jun/22 10:48
    Worklog Time Spent: 10m 
      Work Description: ashutoshcipher opened a new pull request, #4479:
URL: https://github.com/apache/hadoop/pull/4479

   <!--
     Thanks for sending a pull request!
       1. If this is your first time, please read our contributor guidelines: 
https://cwiki.apache.org/confluence/display/HADOOP/How+To+Contribute
       2. Make sure your PR title starts with JIRA issue id, e.g., 
'HADOOP-17799. Your PR title ...'.
   -->
   
   ### Description of PR
   Upgrade bundled Tomcat to 8.5.81. Current version 8.5.75 is affected by 
CVE-2022-25762
   
   More details - 
https://lists.apache.org/thread/qzkqh2819x6zsmj7vwdf14ng2fdgckw7
   
   * JIRA: HADOOP-18309
   
   
   ### For code changes:
   
   - [X] Does the title or this PR starts with the corresponding JIRA issue id 
(e.g. 'HADOOP-17799. Your PR title ...')?
   - [X] Object storage: have the integration tests been executed and the 
endpoint declared according to the connector-specific documentation?
   - [X] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)?
   - [X] If applicable, have you updated the `LICENSE`, `LICENSE-binary`, 
`NOTICE-binary` files?
   
   




Issue Time Tracking
-------------------

            Worklog Id:     (was: 783319)
    Remaining Estimate: 0h
            Time Spent: 10m

> Upgrade bundled Tomcat to 8.5.76 or higher
> ------------------------------------------
>
>                 Key: HADOOP-18309
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18309
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: httpfs, kms
>    Affects Versions: 2.10.1, 2.10.2
>            Reporter: Ashutosh Gupta
>            Assignee: Ashutosh Gupta
>            Priority: Critical
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Currently we are using 8.5.75 which is affected by 
> {color:#222233}CVE-2022-25762{color}
> More Details - 
> [https://lists.apache.org/thread/qzkqh2819x6zsmj7vwdf14ng2fdgckw7]
> Lets upgrade  8.5.76 or higher
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to