hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sean Mackrory (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-16210) Update guava to 27.0-jre in hadoop-project trunk
Date Mon, 01 Apr 2019 20:10:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-16210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16807140#comment-16807140
] 

Sean Mackrory commented on HADOOP-16210:
----------------------------------------

Beyond the findbugs issues, I'm supportive of this change. I also ran the Azure tests. There's
more work to be done coordinating with downstream projects, but I think that can happen after
it's submitted to trunk. We've gotta commit at some point to really see what else breaks that
can't foresee. Pretty dangerous to be as far behind on dependencies as we are with this one
- even if we're not affected by specific vulnerabilities, IMO.

> Update guava to 27.0-jre in hadoop-project trunk
> ------------------------------------------------
>
>                 Key: HADOOP-16210
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16210
>             Project: Hadoop Common
>          Issue Type: Sub-task
>    Affects Versions: 3.3.0
>            Reporter: Gabor Bota
>            Assignee: Gabor Bota
>            Priority: Critical
>         Attachments: HADOOP-16210.001.patch, HADOOP-16210.002.patch
>
>
> com.google.guava:guava should be upgraded to 27.0-jre due to new CVE's found CVE-2018-10237.
> This is a sub-task for trunk from HADOOP-15960 to track issues with that particular branch.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message