[jira] [Resolved] (HBASE-27694) Exclude the older versions of netty pulling from Hadoop dependencies

Mon, 26 Feb 2024 15:49:15 -0800 


     [ 
https://issues.apache.org/jira/browse/HBASE-27694?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andrew Kyle Purtell resolved HBASE-27694.
-----------------------------------------
    Fix Version/s:     (was: 2.5.8)
                       (was: 3.0.0-beta-2)
                       (was: 2.6.1)
         Assignee:     (was: Rajeshbabu Chintaguntla)
       Resolution: Won't Fix

We can't fix this on our side because some Hadoop code still requires netty 3. 
We need to wait for HADOOP-15327 . Fix version is 3.4.0. 

> Exclude the older versions of netty pulling from Hadoop dependencies
> --------------------------------------------------------------------
>
>                 Key: HBASE-27694
>                 URL: https://issues.apache.org/jira/browse/HBASE-27694
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Rajeshbabu Chintaguntla
>            Priority: Major
>
> Currently the netty version of 3.10.6 is getting pulled from hdfs 
> dependencies and sonatype kind of tools reporting the CVEs in HBase. To get 
> rid of this better to exclude netty where hdfs or mapred client jars used.
>  * org.apache.hbase : hbase-it : jar : tests : 2.5.2
>  ** org.apache.hadoop : hadoop-mapreduce-client-core : 3.2.2
>  *** io.netty : netty : 3.10.6.final
>  ** org.apache.hbase : hbase-endpoint : 2.5.2
>  *** org.apache.hadoop : hadoop-hdfs : jar : tests : 3.2.2
>  **** io.netty : netty : 3.10.6.final
>  *** org.apache.hadoop : hadoop-hdfs : 3.2.2
>  **** io.netty : netty : 3.10.6.final
>  * org.apache.hadoop : hadoop-mapreduce-client-jobclient : 3.2.2
>  ** io.netty : netty : 3.10.6.final
>  ** org.apache.hadoop : hadoop-mapreduce-client-common : 3.2.2
>  *** io.netty : netty : 3.10.6.final
>  * org.apache.hadoop : hadoop-mapreduce-client-jobclient : jar : tests : 3.2.2
>  ** io.netty : netty : 3.10.6.final
>  * org.apache.hadoop : hadoop-mapreduce-client-hs : 3.2.2
>  ** io.netty : netty : 3.10.6.final
>  ** org.apache.hadoop : hadoop-mapreduce-client-app : 3.2.2
>  *** io.netty : netty : 3.10.6.final
>  *** org.apache.hadoop : hadoop-mapreduce-client-shuffle : 3.2.2
>  **** io.netty : netty : 3.10.6.final



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to