Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-18477 Über-jira: S3A Hadoop 3.3.9 features
  3. HADOOP-18763

Upgrade aws-java-sdk to 1.12.367+

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.3.5
    • 3.3.6
    • fs/s3

    Description

      aws sdk bundle < 1.12.367 uses a vulnerable versions of netty which is pulling in high severity CVE and creating unhappiness in security scans, even if s3a doesn't use that lib.

      The safe version for netty is netty:4.1.86.Final and this is used by aws-java-adk:1.12.367+

      Attachments

        Issue Links

          is depended upon by

          Task - A task that needs to be done. HADOOP-18760 3.3.6 Release NOTICE and LICENSE file update

          • Blocker - Blocks development and/or testing work, production could not run
          • Open

          Task - A task that needs to be done. HADOOP-18765 Release 3.3.6

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #5741

          Activity

            People

              vjasani Viraj Jasani
              stevel@apache.org Steve Loughran
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: