Support Questions

Find answers, ask questions, and share your expertise

does CVE-2020-9492 fixed in HDP 2.6.5

avatar

Hi,

I found this new CVE for Hadoop (CVE-2020-9492).
The solution is to upgrade to Hadoop 2.10.1 but HDP 2.6.5 (with Apache Hadoop version 2.6.7) is the latest version of Apache Hadoop 2.

Could be possible to fix any CVE into HDP 2.6.5.

Thanks in advance.

1 ACCEPTED SOLUTION

avatar
Contributor

I dont see any fix for your version. However, you can use the below workaround:

View solution in original post

3 REPLIES 3

avatar
Contributor

I dont see any fix for your version. However, you can use the below workaround:

avatar

Thanks for the asnwer regarding this security issue.

Generally speaking, does Cloudera could include future fixes in an old version ?

avatar
Contributor

Yes, if the version is supported. But as per https://www.cloudera.com/legal/policies/support-lifecycle-policy.html the support is already ended for HDP 2.6.5.

So, I would recommend upgrading the cluster to CDP for the latest features and security fixes.