[
https://issues.apache.org/jira/browse/HADOOP-17424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17500308#comment-17500308
]
Rajesh Krishnamurthy commented on HADOOP-17424:
-----------------------------------------------
Hi there, Is there any plans/update on completely removing/getting rid off
Htrace dependency from the Hadoop? Since the Htace is a no longer being
actively developed for close to 4 years, but the Htrace is having hard
dependency on jackson-databind old version, hadoop versions have been flagged
for various vulnerabilities due to the lingering older version of databind.
> Replace HTrace with No-Op tracer
> --------------------------------
>
> Key: HADOOP-17424
> URL: https://issues.apache.org/jira/browse/HADOOP-17424
> Project: Hadoop Common
> Issue Type: Sub-task
> Reporter: Siyao Meng
> Assignee: Siyao Meng
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.4.0, 3.3.2
>
> Time Spent: 10.5h
> Remaining Estimate: 0h
>
> Remove HTrace dependency as it is depending on old jackson jars. Use a no-op
> tracer for now to eliminate potential security issues.
> The plan is to move part of the code in
> [PR#1846|https://github.com/apache/hadoop/pull/1846] out here for faster
> review.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
