[jira] [Commented] (HADOOP-15960) Update guava to 27.0-jre in hadoop-common

Thu, 29 Nov 2018 07:35:28 -0800 


    [ 
https://issues.apache.org/jira/browse/HADOOP-15960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16703365#comment-16703365
 ] 

Gabor Bota commented on HADOOP-15960:
-------------------------------------

I'll search for other guava updates and link them here.
Uploaded my initial patch for this. It compiles, and I've ran tests for a few 
modules, but I'm not really sure if the way I modified 
{{ensure-jars-have-correct-contents.sh}} is the right one.

This was the error message I fixed with adding {{allowed_expr+="|^afu/"}}.
{noformat}
[INFO] Artifact looks correct: 'hadoop-client-api-3.3.0-SNAPSHOT.jar'
[ERROR] Found artifact with unexpected contents: 
'hadoop-client-modules/hadoop-client-runtime/target/hadoop-client-runtime-3.3.0-SNAPSHOT.jar'
    Please check the following and either correct the build or update
    the allowed list with reasoning.

    afu/
    afu/org/
    afu/org/checkerframework/
    afu/org/checkerframework/checker/formatter/
    afu/org/checkerframework/checker/formatter/FormatUtil$Conversion.class
    
afu/org/checkerframework/checker/formatter/FormatUtil$ExcessiveOrMissingFormatArgumentException.class
    
afu/org/checkerframework/checker/formatter/FormatUtil$IllegalFormatConversionCategoryException.class
    afu/org/checkerframework/checker/formatter/FormatUtil.class
    afu/org/checkerframework/checker/nullness/
    afu/org/checkerframework/checker/nullness/NullnessUtils.class
    afu/org/checkerframework/checker/regex/
    
afu/org/checkerframework/checker/regex/RegexUtil$CheckedPatternSyntaxException.class
    afu/org/checkerframework/checker/regex/RegexUtil.class
    afu/org/checkerframework/checker/units/
    afu/org/checkerframework/checker/units/UnitsTools.class
    afu/plume/RegexUtil$CheckedPatternSyntaxException.class
    afu/plume/RegexUtil.class
{noformat}

> Update guava to 27.0-jre in hadoop-common
> -----------------------------------------
>
>                 Key: HADOOP-15960
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15960
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: common, security
>    Affects Versions: 3.1.0
>            Reporter: Gabor Bota
>            Assignee: Gabor Bota
>            Priority: Major
>         Attachments: HADOOP-15960.000.WIP.patch
>
>
> com.google.guava:guava should be upgraded to 27.0-jre due to new CVE's found 
> CVE-2018-10237.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to