[jira] [Commented] (HADOOP-17844) Upgrade JSON smart to 2.4.7

Steve Loughran (Jira) Wed, 01 Mar 2023 11:01:03 -0800


    [ 
https://issues.apache.org/jira/browse/HADOOP-17844?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17695268#comment-17695268
 ]


Steve Loughran commented on HADOOP-17844:
-----------------------------------------

these are all the json jars of any kind in hadoop-3.3.
j
{code}
hadoop-3.3.5 find . -print | grep "\.jar" | grep json
./share/hadoop/yarn/lib/jackson-jaxrs-json-provider-2.12.7.jar
./share/hadoop/yarn/lib/json-io-2.5.1.jar
./share/hadoop/common/lib/jersey-json-1.20.jar
./share/hadoop/common/lib/json-smart-2.4.7.jar
./share/hadoop/hdfs/lib/jersey-json-1.20.jar
./share/hadoop/hdfs/lib/json-simple-1.1.1.jar
./share/hadoop/hdfs/lib/json-smart-2.4.7.jar

{code}


> Upgrade JSON smart to 2.4.7
> ---------------------------
>
>                 Key: HADOOP-17844
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17844
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Renukaprasad C
>            Assignee: Renukaprasad C
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.4.0, 3.2.3, 3.3.2
>
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> Currently we are using JSON Smart 2.4.2 version which is vulnerable to - 
> CVE-2021-31684.
> We can upgrade the version to 2.4.7 (2.4.5 or later).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (HADOOP-17844) Upgrade JSON smart to 2.4.7

Reply via email to