[jira] [Comment Edited] (HADOOP-16210) Update guava to 27.0-jre in hadoop-project trunk

[Sean Mackrory (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-16210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16809130#comment-16809130
 ] 

Sean Mackrory edited comment on HADOOP-16210 at 4/3/19 7:21 PM:
----------------------------------------------------------------

{quote}-1       javac   19m 7s  root generated 15 new + 1481 unchanged - 1 
fixed = 1496 total (was 1482) {quote}

I didn't notice this one before I pushed. We should eliminate those if we can 
while the issue is still fresh. Care to follow-up on that, [~gabor.bota]? 
(edit: actually Gabor already filed HADOOP-16222 for that, and it makes the 
issue of Yetus timing out before running all the tests worse)

I should also note that there was a [DISCUSS] thread on the mailing list about 
this, but it's been no opposition, only support. I committed to trunk only - 
since you're still testing downstream, we should keep this open to backport to 
those branches as they seem to be confirmed ready.


was (Author: mackrorysd):
{quote}-1       javac   19m 7s  root generated 15 new + 1481 unchanged - 1 
fixed = 1496 total (was 1482) {quote}

I didn't notice this one before I pushed. We should eliminate those if we can 
while the issue is still fresh. Care to follow-up on that, [~gabor.bota]?

I should also note that there was a [DISCUSS] thread on the mailing list about 
this, but it's been no opposition, only support. I committed to trunk only - 
since you're still testing downstream, we should keep this open to backport to 
those branches as they seem to be confirmed ready.

> Update guava to 27.0-jre in hadoop-project trunk
> ------------------------------------------------
>
>                 Key: HADOOP-16210
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16210
>             Project: Hadoop Common
>          Issue Type: Sub-task
>    Affects Versions: 3.3.0
>            Reporter: Gabor Bota
>            Assignee: Gabor Bota
>            Priority: Critical
>         Attachments: HADOOP-16210.001.patch, 
> HADOOP-16210.002.findbugsfix.wip.patch, HADOOP-16210.002.patch, 
> HADOOP-16210.003.patch
>
>
> com.google.guava:guava should be upgraded to 27.0-jre due to new CVE's found 
> CVE-2018-10237.
> This is a sub-task for trunk from HADOOP-15960 to track issues with that 
> particular branch.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org