[jira] [Commented] (APEXCORE-815) Whitelist CVE-2016-6811

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[jira] [Commented] (APEXCORE-815) Whitelist CVE-2016-6811

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/APEXCORE-815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16476255#comment-16476255 ]

ASF GitHub Bot commented on APEXCORE-815:

vrozov opened a new pull request #601: APEXCORE-815 Whitelist CVE-2016-6811
URL: https://github.com/apache/apex-core/pull/601

This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[hidden email]

> Whitelist CVE-2016-6811
> -----------------------
>                 Key: APEXCORE-815
>                 URL: https://issues.apache.org/jira/browse/APEXCORE-815
>             Project: Apache Apex Core
>          Issue Type: Task
>            Reporter: Vlad Rozov
>            Assignee: Vlad Rozov
>            Priority: Major
>             Fix For: 4.0.0
> There is an old vulnerability in Yarn version 2.7.3 and below (please see [CVE-2016-6811|https://www.cvedetails.com/cve/CVE-2016-6811]) that was recently marked as severity 9 and now it breaks Apex build.  Based on my analysis, the vulnerability affects Yarn cluster itself (see [YARN-5121|https://issues.apache.org/jira/browse/YARN-5121]).

This message was sent by Atlassian JIRA