APEXCORE-815 Whitelist CVE-2016-6811
diff --git a/dependency-check-whitelist.xml b/dependency-check-whitelist.xml
index 700c986..a8c4fbc 100644
--- a/dependency-check-whitelist.xml
+++ b/dependency-check-whitelist.xml
@@ -20,4 +20,7 @@
-->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+ <suppress>
+ <cve>CVE-2016-6811</cve>
+ </suppress>
</suppressions>
diff --git a/docs/application_development.md b/docs/application_development.md
index 6bfa3fd..f3398e2 100644
--- a/docs/application_development.md
+++ b/docs/application_development.md
@@ -695,7 +695,8 @@
Before you start deploying, testing and troubleshooting your
application on a cluster, you should ensure that Hadoop (version 2.6.0
or later) is properly installed and
-you have basic skills for working with it.
+you have basic skills for working with it. Due to a known vulnerability in Apache Yarn, Apex community
+recommends Hadoop version 2.7.4 or later.
------------------------------------------------------------------------