Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-27817

Migrate javax.el:3.0.1-b08 to jakarta.el-4.0.2

    XMLWordPrintableJSON

Details

    • Task
    • Status: Open
    • Trivial
    • Resolution: Unresolved
    • 3.0.0-alpha-4, 2.5.5, 2.4.18
    • None
    • None
    • None

    Description

      The javax.el artifact contains a CVE: CVE-2021-28170. The CVE itself is not a big issue since we're pre-compiling our JSP pages when building HBase, no user input is parsed which reduces the risk considerably.

      The org.glassfish:javax.el artifact was moved to org.glassfish:jakarta.el, which means a migration to get rid of the CVE.

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. HBASE-28070 Replace javax.servlet.jsp dependency with tomcat-jasper

          • Major - Major loss of function.
          • Patch Available

          Activity

            People

              Unassigned Unassigned
              wesiq Wes Schuitema
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: