Description
Now the version is 0.8.2.1 and it has net.jpountz.lz4:lz4:1.2.0 dependency, which is vulnerable. (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4611)
Let's upgrade.
Attachments
Issue Links
- relates to
-
HADOOP-17917 Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611
- Resolved
-
HADOOP-9991 Fix up Hadoop POMs, roll up JARs to latest versions
- Open
- links to