Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Fix Metastore CVEs reported by security team #2703

Merged
merged 4 commits into from
Dec 28, 2023
Merged

Conversation

sumandas0
Copy link

Security issues reported by Security team on few dependencies, mostly are on hadoop versions and Ranger dependencies JARs

Security issues reported by Security team on few dependencies, mostly are on hadoop versions and Ranger dependencies JARs, removed all the Ranger dependencies at once and also removed Hadoop auth dependencies. Tried to remove All Hadoop dependencies all together but multiple dependencies are there.

Actions

  • Removed Ranger plugin dependency
  • Removed dependency solr-solrj - 7.7.1
  • Removed Hadoop auth from Atlas.

Type of change

  • Security fix (fixes an security issue)
  • New feature (adds functionality)

Related issues

Fixes Fix vulnerabilities in dependencies of atlas-metastore

Checklists

Development

  • Lint rules pass locally
  • Application changes have been tested thoroughly
  • MABL tests are passing

Security

  • Security impact of change has been considered
  • Code follows company security practices and guidelines

Code review

  • Pull request has a descriptive title and context useful to a reviewer. Screenshots or screencasts are attached as necessary
  • "Ready for review" label attached and reviewers assigned
  • Changes have been reviewed by at least one other contributor
  • Pull request linked to task tracker where applicable

Copy link
Collaborator

@checkaayush checkaayush left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sumandas0 sumandas0 merged commit 826d15c into master Dec 28, 2023
5 checks passed
@sumandas0 sumandas0 deleted the fix-cve-ms branch December 28, 2023 07:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants