The thirdparty patches apply mostly cleanly to branch-2.5, I only had to deal with some patch ordering issues and bump the shade-plugin version to 3.6.0.
Opened HBASE-29205 to track. Istvan On Thu, Mar 20, 2025 at 7:57 AM Istvan Toth <st...@cloudera.com> wrote: > Thanks for the pointers. > > If anyone remembers what the problem was, can you share that ? > I can see the known commons-cli ambiguous varargs issue on build, which is > trivial to fix. > Maybe there are others... > > Istvan > > On Wed, Mar 19, 2025 at 4:18 PM Nick Dimiduk <ndimi...@apache.org> wrote: > >> I'm looking at the repo in github and I see that both branch-2 and >> branch-2.6 have hbase-thirdparty at 4.1.10, via HBASE-29086. >> >> My recollection is that there's an incompatibility that prevents >> upgrading it for branch-2.5. Given that there's still life in 2.5, it >> would be good to get this sorted. >> >> On Wed, Mar 19, 2025 at 9:16 AM Istvan Toth <st...@apache.org> wrote: >> > >> > Hi! >> > >> > I've recently run some static checkers on 2.5.11, and found a few CVEs >> in >> > thirdparty. >> > branch-2 still uses thirdparty 4.1.5, which is quite old. >> > >> > Is there a specific reason why thirdparty wasn't updated on branch-2.x ? >> > >> > If 4.1.6 is for some reason incompatible with branch-2, we should still >> > release something that fixes the CVEs on branch-2. (Maybe 4.1.5.x ?) >> > >> > Istvan >> > > > -- > *István Tóth* | Sr. Staff Software Engineer > *Email*: st...@cloudera.com > cloudera.com <https://www.cloudera.com> > [image: Cloudera] <https://www.cloudera.com/> > [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: > Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: > Cloudera on LinkedIn] <https://www.linkedin.com/company/cloudera> > ------------------------------ > ------------------------------ > -- *István Tóth* | Sr. Staff Software Engineer *Email*: st...@cloudera.com cloudera.com <https://www.cloudera.com> [image: Cloudera] <https://www.cloudera.com/> [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: Cloudera on LinkedIn] <https://www.linkedin.com/company/cloudera> ------------------------------ ------------------------------
