  1. HBase
  2. HBASE-28250

Bump jruby to 9.4.5.0 and related joni and jcodings


Details

    • Task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • jruby
    • None

    Description

      As a follow-up to HBASE-28249, we want to bump to the latest 9.4.x line here.

      This release line drops the critical snakeyaml CVE (org.yaml : snakeyaml : 1.33, which has CVE-2022-1471) from our classpath with the following change, along with several other bugs/fixes:

      • The Psych YAML library is updated to 5.1.0. This version switches the JRuby extension to SnakeYAML Engine, avoiding CVEs against the original SnakeYAML and updating YAML compatibility to specification version 1.2. #6365 #7570 #7626

      NOTE: JRuby 9.4.x targets Ruby 3.1 compatibility instead of Ruby 2.6, which 9.3.x targeted!

            People

              nihaljain.cs Nihal Jain
              nihaljain.cs Nihal Jain