Fixed Issues in Apache Tez
Review the list of Tez issues that are resolved in Cloudera Runtime 7.2.17.
- CDPD-49216: Tez - Upgrade jquery-ui to 1.13.0+ due to CVEs
- jquery-ui 1.13.0 version we already delivered into cdpd-master and cdw-master branches in the part of https://jira.cloudera.com/browse/CDPD-35798. Closing this Jira and we will handle jquery-ui 1.13.2 version upgrade in the part of https://jira.cloudera.com/browse/CDPD-44443
- CDPD-48031: Tez - Upgrade jettison to 1.5.3 due to CVE-2022-45685 and CVE-2022-45693
- Upgraded the jettison version to 1.5.3 to fix CVEs
- CDPD-40867: Tez - Upgrade gson to 2.9.0 due to CVE-2022-25647
- Tez is not using direct dependency of gson. This dependency is injected from hadoop-common:jar:22.214.171.124.2.15.4 If we want to change in gson version, we need to change hadoop-common version(which is gson version 2.9.0+ used. hadoop fixed gson CVE issues as part of https://jira.cloudera.com/browse/CDPD-40852) Marking as resolved as gson version is dependent on HADOOP. This dependency is not been used directly. If any additional information about this issue from tez side please let me know. Thanks !
Apache patch information