[jira] [Comment Edited] (HADOOP-15960) Update guava to 27.0-jre in hadoop-project

Wed, 27 Mar 2019 08:48:09 -0700 


    [ 
https://issues.apache.org/jira/browse/HADOOP-15960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16802949#comment-16802949
 ] 

Gabor Bota edited comment on HADOOP-15960 at 3/27/19 3:47 PM:
--------------------------------------------------------------

h2. Testing with HBase

Tested HBase master with hadoop-3.0.4-snapshot patched with guava updated to 
v27. Created HBASE-22109 to fix issues on compile time. With that fix, I was 
able to compile and test. [~psomogyi] helped me to figure out that the test 
failures and errors were not related to this change or flaky or presumably 
because of wrong environment setup. We still have to run {{hbase/hbase-it}}, 
but other than that we are good to go imho.


was (Author: gabor.bota):
h2 Testing with HBase

Tested HBase with hadoop-3.0.4-snapshot patched with guava updated to v27. 
Created HBASE-22109 to fix issues on compile time. With that fix, I was able to 
compile and test. [~psomogyi] helped me to figure out that the test failures 
and errors were not related to this change or flaky or presumably because of 
wrong environment setup. We still have to run {{hbase/hbase-it}}, but other 
than that we are good to go imho.

> Update guava to 27.0-jre in hadoop-project
> ------------------------------------------
>
>                 Key: HADOOP-15960
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15960
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: common, security
>    Affects Versions: 2.7.3, 3.1.0, 3.2.0, 3.0.3, 3.3.0
>            Reporter: Gabor Bota
>            Assignee: Gabor Bota
>            Priority: Critical
>         Attachments: HADOOP-15960-branch-3.0.001.patch, 
> HADOOP-15960-branch-3.1.001.patch, HADOOP-15960-branch-3.2.001.patch, 
> HADOOP-15960.000.WIP.patch, HADOOP-15960.001.patch
>
>
> com.google.guava:guava should be upgraded to 27.0-jre due to new CVE's found 
> [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237].



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to