[HADOOP-19114] upgrade to commons-compress 1.26.1 due to cves - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.4.0
Fix Version/s: 3.5.0, 3.4.1
Component/s: build, CVE
Labels:
- pull-request-available

Description

2 recent CVEs fixed - https://mvnrepository.com/artifact/org.apache.commons/commons-compress

Important: Denial of Service CVE-2024-25710
Moderate: Denial of Service CVE-2024-26308

Attachments

Issue Links

links to

GitHub Pull Request #6636

GitHub Pull Request #6867

Activity

People

Assignee:: PJ Fanning

Reporter:: PJ Fanning

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18/Mar/24 22:48

Updated:: 07/Jun/24 13:17

Resolved:: 07/Jun/24 13:17