Details
-
Task
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
Reviewed
Description
Given branch-2 including branch-2.6 is already on 9.3.9.0, we should bump to at least 9.3.13.0. This will fix the bundled org.bouncycastle : bcprov-jdk18on : 1.71 having CVE-2023-33201 from our classpath for the least.
As a follow up can try to bump to latest 9.4.x line. Otherwise I can try to work directly on HBASE-28250 as well, although this may not be straight forward and would require some good testing.
Please let me know what others think.
Attachments
Issue Links
- is cloned by
-
HBASE-28250 Bump jruby to 9.4.5.0 and related joni and jcodings
- Open
- supercedes
-
HBASE-27921 Bump up jruby to 9.4.2.0 and related joni and jcodings to 2.1.48 and 1.0.58 respectively
- Resolved
- links to