hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Wang (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-13198) Add support for OWASP's dependency-check
Date Wed, 25 May 2016 01:33:12 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-13198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Andrew Wang updated HADOOP-13198:
       Resolution: Fixed
    Fix Version/s: 2.8.0
           Status: Resolved  (was: Patch Available)

Great! I've committed this to trunk, branch-2, branch-2.8. Thanks Mike for finding and fixing
this, and Larry for discussion and review.

We need to triage the current plugin output to determine what is safe to ignore. Would one
of you be interested in taking this one? Then we can put together a wiki page and add it to
the release steps.

> Add support for OWASP's dependency-check
> ----------------------------------------
>                 Key: HADOOP-13198
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13198
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: build, security
>    Affects Versions: 2.6.4
>            Reporter: Mike Yoder
>            Assignee: Mike Yoder
>            Priority: Minor
>             Fix For: 2.8.0
>         Attachments: HADOOP-13198.001.patch, hadoop-all-dependency-check-report.html
> OWASP's Dependency-Check is a utility that identifies project
> dependencies and checks if there are any known, publicly disclosed,
> vulnerabilities.
> See https://www.owasp.org/index.php/OWASP_Dependency_Check
> This is very useful to stay on top of known vulnerabilities in third party jars. Since
it's a maven plugin it's pretty easy to drop in.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message