hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kihwal Lee (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12767) update apache httpclient version to 4.5.2; httpcore to 4.4.4
Date Tue, 13 Mar 2018 17:08:01 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12767?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16397282#comment-16397282
] 

Kihwal Lee commented on HADOOP-12767:
-------------------------------------

[~shv], do you want to pull this in to 2.7 before the next release?  The 2015 CVE isn't too
bad, but there is an older one about MITM attack, which is more serious.

> update apache httpclient version to 4.5.2; httpcore to 4.4.4
> ------------------------------------------------------------
>
>                 Key: HADOOP-12767
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12767
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 2.7.2
>            Reporter: Artem Aliev
>            Assignee: Artem Aliev
>            Priority: Major
>             Fix For: 2.8.0, 3.0.0-alpha1
>
>         Attachments: HADOOP-12767-branch-2-005.patch, HADOOP-12767-branch-2.004.patch,
HADOOP-12767-branch-2.005.patch, HADOOP-12767.001.patch, HADOOP-12767.002.patch, HADOOP-12767.003.patch,
HADOOP-12767.004.patch
>
>
> Various SSL security fixes are needed.  See:  CVE-2012-6153, CVE-2011-4461, CVE-2014-3577,
CVE-2015-5262.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message