[ 
https://issues.apache.org/jira/browse/HBASE-29650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Istvan Toth updated HBASE-29650:
--------------------------------
    Description: 
There is a CVE for 9.0.107 
It does not actually affect us (as we only use jasper, not the web server), but 
using the latest won't hurt and will reduce the chances of false positives from 
static scanners etc.

branch 3+ was updated to 9.0.107 as part of the Jetty upgrade, branch-2.x is 
still on 9.0.104. We should be able to use the latest 9.0.110 on both.

  was:
There is a CVE for 9.0.107 
It does not actually affect us (as we only use jasper, not web server), but 
using the latest won't hurt and will reduce the chances of false positives from 
static scanners etc.

branch 3+ was updated to 9.0.107 as part of the Jetty upgrade, branch-2.x is 
still on 9.0.104. We should be able to use the latest 9.0.110 on both.


> Upgrade tomcat-jasper to 9.0.110
> --------------------------------
>
>                 Key: HBASE-29650
>                 URL: https://issues.apache.org/jira/browse/HBASE-29650
>             Project: HBase
>          Issue Type: Improvement
>          Components: security, UI
>            Reporter: Istvan Toth
>            Assignee: Istvan Toth
>            Priority: Major
>              Labels: pull-request-available
>
> There is a CVE for 9.0.107 
> It does not actually affect us (as we only use jasper, not the web server), 
> but using the latest won't hurt and will reduce the chances of false 
> positives from static scanners etc.
> branch 3+ was updated to 9.0.107 as part of the Jetty upgrade, branch-2.x is 
> still on 9.0.104. We should be able to use the latest 9.0.110 on both.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
