I have merged the backports. Thanks to Nick, Duo, Nihal and Peter for the discussion and reviews.
On Thu, Mar 20, 2025 at 9:01 AM Istvan Toth <st...@cloudera.com> wrote: > The thirdparty patches apply mostly cleanly to branch-2.5, I only had to > deal with some patch ordering issues and bump the shade-plugin version to > 3.6.0. > > Opened HBASE-29205 to track. > > Istvan > > On Thu, Mar 20, 2025 at 7:57 AM Istvan Toth <st...@cloudera.com> wrote: > >> Thanks for the pointers. >> >> If anyone remembers what the problem was, can you share that ? >> I can see the known commons-cli ambiguous varargs issue on build, which >> is trivial to fix. >> Maybe there are others... >> >> Istvan >> >> On Wed, Mar 19, 2025 at 4:18 PM Nick Dimiduk <ndimi...@apache.org> wrote: >> >>> I'm looking at the repo in github and I see that both branch-2 and >>> branch-2.6 have hbase-thirdparty at 4.1.10, via HBASE-29086. >>> >>> My recollection is that there's an incompatibility that prevents >>> upgrading it for branch-2.5. Given that there's still life in 2.5, it >>> would be good to get this sorted. >>> >>> On Wed, Mar 19, 2025 at 9:16 AM Istvan Toth <st...@apache.org> wrote: >>> > >>> > Hi! >>> > >>> > I've recently run some static checkers on 2.5.11, and found a few CVEs >>> in >>> > thirdparty. >>> > branch-2 still uses thirdparty 4.1.5, which is quite old. >>> > >>> > Is there a specific reason why thirdparty wasn't updated on branch-2.x >>> ? >>> > >>> > If 4.1.6 is for some reason incompatible with branch-2, we should still >>> > release something that fixes the CVEs on branch-2. (Maybe 4.1.5.x ?) >>> > >>> > Istvan >>> >> >> >> -- >> *István Tóth* | Sr. Staff Software Engineer >> *Email*: st...@cloudera.com >> cloudera.com <https://www.cloudera.com> >> [image: Cloudera] <https://www.cloudera.com/> >> [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: >> Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: >> Cloudera on LinkedIn] <https://www.linkedin.com/company/cloudera> >> ------------------------------ >> ------------------------------ >> > > > -- > *István Tóth* | Sr. Staff Software Engineer > *Email*: st...@cloudera.com > cloudera.com <https://www.cloudera.com> > [image: Cloudera] <https://www.cloudera.com/> > [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: > Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: > Cloudera on LinkedIn] <https://www.linkedin.com/company/cloudera> > ------------------------------ > ------------------------------ > -- *István Tóth* | Sr. Staff Software Engineer *Email*: st...@cloudera.com cloudera.com <https://www.cloudera.com> [image: Cloudera] <https://www.cloudera.com/> [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: Cloudera on LinkedIn] <https://www.linkedin.com/company/cloudera> ------------------------------ ------------------------------
