Details
Type: Improvement
Status: Closed
Priority: Critical
Resolution: Duplicate
Environment:
- RHEL7
- Hadoop 3
- flume 1.11.0
Description
We have some HIGH CVEs which are coming from hadoop-client-runtime 3.3.4, and hence we need to address those:
- com.fasterxml.jackson.core:jackson-databind (org.apache.hadoop_hadoop-client-runtime-3.3.4.jar) causing CVE-2022-42003 and CVE-2022-42004
- com.google.protobuf:protobuf-java (org.apache.hadoop_hadoop-client-runtime-3.3.4.jar) causing CVE-2021-22569, CVE-2021-22570, CVE-2022-3509 and CVE-2022-3510
- net.minidev:json-smart (org.apache.hadoop_hadoop-client-runtime-3.3.4.jar) causing CVE-2021-31684, CVE-2023-1370
- org.apache.avro:avro (org.apache.hadoop_hadoop-client-runtime-3.3.4.jar) causing CVE-2023-39410
- org.apache.commons:commons-compress (org.apache.hadoop_hadoop-client-runtime-3.3.4.jar) causing CVE-2024-25710, CVE-2024-26308

Most of these have gone in hadoop client runtime 3.4.0.
Is there a plan to support hadoop 3.4.0?
Issue Links
- is a clone of
- SPARK-47766 Extend spark 3.5.1 to support hadoop-client-api 3.4.0, hadoop-client-runtime-3.4.0 (Open)
- FLUME-3470 Upgrade Kafka-clients jar to 3.4.0 in project flume-kafka (Resolved)