There is a vulnerability in Apache Hadoop 2.7.3 ,upgrade recommended

QiAnXinCodeSafe opened this issue 3 years ago · 1 comments

QiAnXinCodeSafe commented 3 years ago

mantis/mantis-connectors/mantis-connector-iceberg/build.gradle

Line 21 in 9482978

hadoopVersion = '2.7.3'

CVE-2017-15718 CVE-2018-8009 CVE-2020-9492 CVE-2016-6811 CVE-2018-8029

Recommended upgrade version：2.10.1

jeffchao commented 3 years ago

Thanks for raising this, though this lib needs to keep parity with Iceberg 0.9 https://github.com/apache/iceberg/blob/0.9.x/versions.lock. We'll address this in lockstep with Iceberg releases. Closing this for now. fyi @calvin681 for vis.