Mykyta Danylchenko created HADOOP-19830:
-------------------------------------------

             Summary: AWS SDK v1 dependencies in hadoop-aws library
                 Key: HADOOP-19830
                 URL: https://issues.apache.org/jira/browse/HADOOP-19830
             Project: Hadoop Common
          Issue Type: Improvement
          Components: hadoop-aws
    Affects Versions: 3.4.3
            Reporter: Mykyta Danylchenko


The `hadoop-aws` 
[library|https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-aws] 
contains a dependency on the `com.amazonaws:aws-java-sdk-core` library, which 
AWS no longer patches, including for security vulnerabilities. This forces 
every downstream consumer, for example 
[spark-core|https://mvnrepository.com/artifact/org.apache.spark/spark-core], to 
carry an end-of-life dependency with no remediation path, resulting in 
unpatched vulnerabilities and compliance failures.

It would be great to replace `aws-java-sdk-core` with the equivalent 
counterpart from AWS SDK for Java 2.x.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
