Fixed issues in HBase
This section lists the issues that have been fixed since the previous version.
- CDPD-7356: Upgrade to Guava 28.1 to avoid CVE-2018-10237
- HBase and HBase connectors has been upgraded to use Guava version 28.1 to avoid CVE-2018-10237.
- CDPD-10091: Upgrade jackson-databind to version 2.9.10.4 to resolve multiple CVEs
-
Upgraded Jackson Databind to 2.9.10.4 to address to following CVEs: CVE-2020-9547, CVE-2020-11111, CVE-2020-10672, CVE-2020-10969, CVE-2020-11112, CVE-2020-9548, CVE-2020-9546, CVE-2020-10968, CVE-2020-10673, CVE-2020-11113.
- CDPD-10099: Upgrade Jackson Databind to version 2.10.latest
-
Upgrade Jackson to version 2.10.3 to avoid future CVEs.
- CDPD-10532: Update Log4j to address CVE-2019-17571
-
Replaced log4j with an internal version to fix CVE-2019-17571.
- CDPD-7724: HBase - Upgrade to Jetty 9.4.26 to avoid CVEs
- HBase now uses Jetty 9.4.26, which addresses the following CVEs: CVE‑2017‑7656, CVE‑2017‑7657,CVE‑2017‑7658, CVE‑2018‑12536, CVE‑2017‑9735, CVE‑2019‑10247.