upgrade hadoop version to 3.3.5 to resolve CVE-2019-10202 (#3896)

### Motivation There is a critical CVE-2019-10202 in `org.codehaus.jackson:jackson-mapper-asl` Detailed paths Introduced through: org.apache.distributedlog:[email protected] › org.apache.hadoop:[email protected] › org.apache.avro:[email protected] › org.codehaus.jackson:[email protected] Fix: No remediation path available. Introduced through: org.apache.distributedlog:[email protected] › org.apache.hadoop:[email protected] › com.sun.jersey:[email protected] › org.codehaus.jackson:[email protected] Fix: No remediation path available. Introduced through: org.apache.distributedlog:[email protected] › org.apache.hadoop:[email protected] › com.sun.jersey:[email protected] › org.codehaus.jackson:[email protected] › org.codehaus.jackson:[email protected] Fix: No remediation path available. Introduced through: org.apache.distributedlog:[email protected] › org.apache.hadoop:[email protected] › com.sun.jersey:[email protected] › org.codehaus.jackson:[email protected] › org.codehaus.jackson:[email protected] Fix: No remediation path available. ### Changes Upgrade hadoop-common version from 3.3.4 to 3.3.5 to resolve this CVE
apache · Mar 29, 2023 · 0171a40 · 0171a40
1 parent 164417a
commit 0171a40
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pom.xml b/pom.xml
@@ -135,7 +135,7 @@
     <grpc.version>1.47.0</grpc.version>
     <guava.version>31.0.1-jre</guava.version>
     <kerby.version>1.1.1</kerby.version>
-    <hadoop.version>3.3.4</hadoop.version>
+    <hadoop.version>3.3.5</hadoop.version>
     <hamcrest.version>1.3</hamcrest.version>
     <hdrhistogram.version>2.1.10</hdrhistogram.version>
     <jackson.version>2.13.4.20221013</jackson.version>