[ https://issues.apache.org/jira/browse/HBASE-25729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17359386#comment-17359386 ]

Michael Stack commented on HBASE-25729:
---------------------------------------

[~pankajkumar] No harm. Pause on the revert I'd say.

3.5.1 adds a noop htrace replacement that you must elect to enable 
(HBASE-24802) and the following changes, where netty+jetty upgrades are to 
address CVEs.

protobuf 3.13.0 => 3.17.1
netty 4.1.53 => 4.1.65
guava 30.0 => 30.1.1
error-prone 2.3.4 => 2.7.1
jetty 9.4.34 => 9.4.41
extra-enforcer-rules 1.0-beta-6 => 1.3

The error-prone and extra-enforcer-rules are build-time improvements. If we 
were to make a 3.4.2 release, it would include the netty and jetty upgrades I'd 
think (to address the CVEs). That leaves the guava and protobuf changes as 
"gratuitous" changes. I now think a 3.4.2, just to leave out the pb and guava 
bumps, not worth the effort.

What do ye think?



> Upgrade to latest hbase-thirdparty
> ----------------------------------
>
>                 Key: HBASE-25729
>                 URL: https://issues.apache.org/jira/browse/HBASE-25729
>             Project: HBase
>          Issue Type: Sub-task
>          Components: build, thirdparty
>    Affects Versions: 2.4.2
>            Reporter: Andrew Kyle Purtell
>            Priority: Major
>             Fix For: 3.0.0-alpha-1, 2.5.0, 2.4.5
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)
