commit 805aba30b5b84e39cf6dda8c6d5a805a3c880c60
author Vlad Rozov <vrozov@apache.org> Tue May 15 10:52:20 2018 -0700
committer Thomas Weise <tweise@users.noreply.github.com> Wed May 16 06:43:13 2018 -0700
tree c09010ac41b929e0e339dc9b5a50684745445af6
parent a8bbec7f54e94d67106a46f8b1ca6d8e7890f126

APEXCORE-815 Whitelist CVE-2016-6811

dependency-check-whitelist.xml

diff --git a/dependency-check-whitelist.xml b/dependency-check-whitelist.xml
index 700c986..a8c4fbc 100644
--- a/dependency-check-whitelist.xml
+++ b/dependency-check-whitelist.xml
@@ -20,4 +20,7 @@
 
 -->
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+  <suppress>
+    <cve>CVE-2016-6811</cve>
+  </suppress>
 </suppressions>

docs/application_development.md

diff --git a/docs/application_development.md b/docs/application_development.md
index 6bfa3fd..f3398e2 100644
--- a/docs/application_development.md
+++ b/docs/application_development.md
@@ -695,7 +695,8 @@
 Before you start deploying, testing and troubleshooting your
 application on a cluster, you should ensure that Hadoop (version 2.6.0
 or later) is properly installed and
-you have basic skills for working with it.
+you have basic skills for working with it. Due to a known vulnerability in Apache Yarn, Apex community 
+recommends Hadoop version 2.7.4 or later.
 
 ------------------------------------------------------------------------