[ https://issues.apache.org/jira/browse/HBASE-25729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17359386#comment-17359386 ]
Michael Stack commented on HBASE-25729: --------------------------------------- [~pankajkumar] No harm. Pause on the revert I'd say. 3.5.1 adds a noop htrace replacement that you must elect to enable (HBASE-24802) and the following changes, where netty+jetty upgrades are to address CVEs. protobuf 3.13.0 => 3.17.1 netty 4.1.53 => 4.1.65 guava 30.0 => 30.1.1 error-prone 2.3.4 => 2.7.1 jetty 9.4.34 => 9.4.41 extra-enforcer-rules 1.0-beta-6 => 1.3 The error-prone and extra-enforcer-rules are build-time improvements. If we were to make a 3.4.2 release, it would include the netty and jetty upgrades I'd think (to address the CVEs). That leaves the guava and protobuf changes as "gratuitous" changes. I now think a 3.4.2, just to leave out the pb and guava bumps, not worth the effort. What do ye think? > Upgrade to latest hbase-thirdparty > ---------------------------------- > > Key: HBASE-25729 > URL: https://issues.apache.org/jira/browse/HBASE-25729 > Project: HBase > Issue Type: Sub-task > Components: build, thirdparty > Affects Versions: 2.4.2 > Reporter: Andrew Kyle Purtell > Priority: Major > Fix For: 3.0.0-alpha-1, 2.5.0, 2.4.5 > > -- This message was sent by Atlassian Jira (v8.3.4#803005)