Details
-
Task
-
Status: Open
-
Trivial
-
Resolution: Unresolved
-
3.0.0-alpha-4, 2.5.5, 2.4.18
-
None
-
None
-
None
Description
The javax.el artifact contains a CVE: CVE-2021-28170. The CVE itself is not a big issue since we're pre-compiling our JSP pages when building HBase, no user input is parsed which reduces the risk considerably.
The org.glassfish:javax.el artifact was moved to org.glassfish:jakarta.el, which means a migration to get rid of the CVE.
Attachments
Issue Links
- is related to
-
HBASE-28070 Replace javax.servlet.jsp dependency with tomcat-jasper
- Patch Available