[apex-core] branch master updated: APEXCORE-815 Whitelist CVE-2016-6811


This is an automated email from the ASF dual-hosted git repository.

thw pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apex-core.git

The following commit(s) were added to refs/heads/master by this push:
     new 805aba3  APEXCORE-815 Whitelist CVE-2016-6811
805aba3 is described below

commit 805aba30b5b84e39cf6dda8c6d5a805a3c880c60
Author: Vlad Rozov <[hidden email]>
AuthorDate: Tue May 15 10:52:20 2018 -0700

    APEXCORE-815 Whitelist CVE-2016-6811
 dependency-check-whitelist.xml  | 3 +++
 docs/application_development.md | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/dependency-check-whitelist.xml b/dependency-check-whitelist.xml
index 700c986..a8c4fbc 100644
--- a/dependency-check-whitelist.xml
+++ b/dependency-check-whitelist.xml
@@ -20,4 +20,7 @@
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+  <suppress>
+    <cve>CVE-2016-6811</cve>
+  </suppress>
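Review bot: The new `<suppress>` entry carries only `<cve>CVE-2016-6811</cve>`, with no selector and no `<notes>`, so it silences this CVE for every dependency in the build and leaves no record of why. Scope it to the affected Hadoop artifact (for example with a `<gav regex="true">` element matching that dependency) and add a `<notes>` element that explains the rationale and points to APEXCORE-815, so the suppression can be revisited once the Hadoop dependency is upgraded.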
diff --git a/docs/application_development.md b/docs/application_development.md
index 6bfa3fd..f3398e2 100644
--- a/docs/application_development.md
+++ b/docs/application_development.md
@@ -695,7 +695,8 @@ submitted to the Hadoop cluster and executes as a  multi-processapplication on 
 Before you start deploying, testing and troubleshooting your
 application on a cluster, you should ensure that Hadoop (version 2.6.0
 or later) is properly installed and
-you have basic skills for working with it.
+you have basic skills for working with it. Due to a known vulnerability in Apache Yarn, Apex community
+recommends Hadoop version 2.7.4 or later.
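Review bot: The added sentence refers to "a known vulnerability in Apache Yarn" without naming it, although the commit subject identifies it as CVE-2016-6811; cite the CVE id in the text so readers can look it up and assess their own clusters. The paragraph also still gives "version 2.6.0 or later" as the requirement in the unchanged context lines, so state explicitly that 2.6.0 remains the minimum and 2.7.4 is the recommended version. Minor style points: the first added line is much longer than the surrounding wrapped lines, and "Apex community" reads better as "the Apex community".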
