[
https://issues.apache.org/jira/browse/HADOOP-18622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17685299#comment-17685299
]
Aleksandr Nikolaev commented on HADOOP-18622:
---------------------------------------------
[~groot] At the moment, it seems that this dependency is not particularly used
at all and the old version is displayed in tests. I attached the
dependency:tree output [^hadoop_dep.log]
[INFO] +- org.apache.hadoop:hadoop-common:test-jar:tests:2.8.5:test
[INFO] +- org.apache.hadoop:hadoop-hdfs:jar:2.8.5:test
[INFO] | +- commons-daemon:commons-daemon:jar:1.0.13:test
[INFO] | +- io.netty:netty:jar:3.6.2.Final:test
[INFO] | \- xerces:xercesImpl:jar:2.9.1:test
[INFO] | \- xml-apis:xml-apis:jar:1.3.04:test
> Upgrade ant to 1.10.13
> ----------------------
>
> Key: HADOOP-18622
> URL: https://issues.apache.org/jira/browse/HADOOP-18622
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Aleksandr Nikolaev
> Assignee: Ashutosh Gupta
> Priority: Major
> Labels: pull-request-available
> Attachments: hadoop_dep.log
>
>
> lnerabilities reported in org.apache.ant:ant:1.10.11
> *
> [CVE-2022-23437|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23437]
> *
> [CVE-2020-14338|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14338]
> suggested: org.apache.ant:ant ~> 1.10.13
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
