[jira] [Resolved] (APEXCORE-815) Whitelist CVE-2016-6811

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Resolved] (APEXCORE-815) Whitelist CVE-2016-6811

JIRA jira@apache.org

     [ https://issues.apache.org/jira/browse/APEXCORE-815?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Thomas Weise resolved APEXCORE-815.
-----------------------------------
    Resolution: Fixed

> Whitelist CVE-2016-6811
> -----------------------
>
>                 Key: APEXCORE-815
>                 URL: https://issues.apache.org/jira/browse/APEXCORE-815
>             Project: Apache Apex Core
>          Issue Type: Task
>            Reporter: Vlad Rozov
>            Assignee: Vlad Rozov
>            Priority: Major
>             Fix For: 4.0.0
>
>
> There is an old vulnerability in Yarn version 2.7.3 and below (please see [CVE-2016-6811|https://www.cvedetails.com/cve/CVE-2016-6811]) that was recently marked as severity 9 and now it breaks Apex build.  Based on my analysis, the vulnerability affects Yarn cluster itself (see [YARN-5121|https://issues.apache.org/jira/browse/YARN-5121]).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)