David Knupp has uploaded this change for review. ( http://gerrit.cloudera.org:8080/15829
Change subject: IMPALA-9648: Exclude/ban netty-all from mvn download ...................................................................... IMPALA-9648: Exclude/ban netty-all from mvn download netty-all 4.1.44 (and earlier) has known security issues. Exclude it from hadoop*, and ensure it's banned by using maven-enforcer-plugin. This patch does not import a ban on netty 3.10.5, which also shows up in security scans, because it is present in some environments and banning it will cause builds to fail. There may be a follow-up patch to address netty separately. Tested by including netty-all in banned dependencies and then ensuring tests still pass on jenkins.impala.io. Change-Id: Ie7d61af3c10ee439ca9eef3840403229e6235c97 --- M fe/pom.xml 1 file changed, 36 insertions(+), 0 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/29/15829/1 -- To view, visit http://gerrit.cloudera.org:8080/15829 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: Ie7d61af3c10ee439ca9eef3840403229e6235c97 Gerrit-Change-Number: 15829 Gerrit-PatchSet: 1 Gerrit-Owner: David Knupp <dkn...@cloudera.com>
