[ https://issues.apache.org/jira/browse/HBASE-27694?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rajeshbabu Chintaguntla reopened HBASE-27694:
---------------------------------------------

    Assignee: Rajeshbabu Chintaguntla

Since it's a test-only dependency, we can exclude it in the main jars and can exclude it in the assembly as well. Will try and update the PR accordingly.

> Exclude the older versions of netty pulling from Hadoop dependencies
> --------------------------------------------------------------------
>
>                 Key: HBASE-27694
>                 URL: https://issues.apache.org/jira/browse/HBASE-27694
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Rajeshbabu Chintaguntla
>            Assignee: Rajeshbabu Chintaguntla
>            Priority: Major
>
> Currently netty version 3.10.6 is getting pulled in from hdfs
> dependencies, and tools such as Sonatype are reporting the CVEs in HBase. To get
> rid of this, it is better to exclude netty where hdfs or mapred client jars are used.
>  * org.apache.hbase : hbase-it : jar : tests : 2.5.2
>  ** org.apache.hadoop : hadoop-mapreduce-client-core : 3.2.2
>  *** io.netty : netty : 3.10.6.final
>  ** org.apache.hbase : hbase-endpoint : 2.5.2
>  *** org.apache.hadoop : hadoop-hdfs : jar : tests : 3.2.2
>  **** io.netty : netty : 3.10.6.final
>  *** org.apache.hadoop : hadoop-hdfs : 3.2.2
>  **** io.netty : netty : 3.10.6.final
>  * org.apache.hadoop : hadoop-mapreduce-client-jobclient : 3.2.2
>  ** io.netty : netty : 3.10.6.final
>  ** org.apache.hadoop : hadoop-mapreduce-client-common : 3.2.2
>  *** io.netty : netty : 3.10.6.final
>  * org.apache.hadoop : hadoop-mapreduce-client-jobclient : jar : tests : 3.2.2
>  ** io.netty : netty : 3.10.6.final
>  * org.apache.hadoop : hadoop-mapreduce-client-hs : 3.2.2
>  ** io.netty : netty : 3.10.6.final
>  ** org.apache.hadoop : hadoop-mapreduce-client-app : 3.2.2
>  *** io.netty : netty : 3.10.6.final
>  *** org.apache.hadoop : hadoop-mapreduce-client-shuffle : 3.2.2
>  **** io.netty : netty : 3.10.6.final

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
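
The exclusion this issue proposes could be written in a Maven POM as below, together with an enforcer rule that fails the build if the artifact comes back through another path. This is an added example, not taken from the HBase pull request; it assumes dependency and plugin versions are managed in a parent POM, and the `ban-netty3` execution id is made up for illustration.

```xml
<!-- Added example, not from the HBase PR. Versions are assumed to be
     supplied by dependencyManagement / pluginManagement in a parent POM. -->
<dependencies>
  <dependency>
    <groupId>org.apache.hadoop</groupId>
    <artifactId>hadoop-hdfs</artifactId>
    <exclusions>
      <!-- Coordinates as listed in the issue's dependency tree -->
      <exclusion>
        <groupId>io.netty</groupId>
        <artifactId>netty</artifactId>
      </exclusion>
    </exclusions>
  </dependency>
  <dependency>
    <groupId>org.apache.hadoop</groupId>
    <artifactId>hadoop-mapreduce-client-core</artifactId>
    <exclusions>
      <exclusion>
        <groupId>io.netty</groupId>
        <artifactId>netty</artifactId>
      </exclusion>
    </exclusions>
  </dependency>
</dependencies>

<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <executions>
        <execution>
          <id>ban-netty3</id> <!-- hypothetical id -->
          <goals><goal>enforce</goal></goals>
          <configuration>
            <rules>
              <!-- Fails the build if io.netty:netty is resolved, directly or transitively -->
              <bannedDependencies>
                <excludes>
                  <exclude>io.netty:netty</exclude>
                </excludes>
              </bannedDependencies>
            </rules>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

An exclusion only applies to the dependency declaration that carries it, so each path in the tree above (including the `tests` classifier jars) needs its own. `mvn dependency:tree -Dincludes=io.netty:netty` lists any paths that remain.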