Wei-Chiu Chuang created HBASE-23834:
---------------------------------------

             Summary: HBase fails to run on Hadoop 3.3.0/3.2.2/3.1.4 due to jetty version mismatch
                 Key: HBASE-23834
                 URL: https://issues.apache.org/jira/browse/HBASE-23834
             Project: HBase
          Issue Type: Bug
            Reporter: Wei-Chiu Chuang


The HBase master branch is currently on Jetty 9.3, and the latest Hadoop 3 (unreleased 
branches trunk, branch-3.2 and branch-3.1) bumped Jetty to 9.4 to address a 
vulnerability, CVE-2017-9735.

(1) Jetty 9.3 and 9.4 are quite different (there are incompatible API changes) 
and HBase won't start on the latest Hadoop 3.
(2) In any case, HBase should update its Jetty dependency to address the 
vulnerability.
Fortunately for HBase, updating to Jetty 9.4 requires no code change other than 
the Maven version string.

More tests are needed to verify if HBase can run on older Hadoop versions if 
its Jetty is updated.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
