[jira] [Commented] (HADOOP-16210) Update guava to 27.0-jre in hadoop-project trunk

Fri, 24 May 2019 11:20:10 -0700 


    [ 
https://issues.apache.org/jira/browse/HADOOP-16210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16847799#comment-16847799
 ] 

Ahmed Hussein commented on HADOOP-16210:
----------------------------------------

[~gabor.bota] [[email protected]] [~mackrorysd] 

There are several consequences of upgrading Guava including breaking 
dependencies of projects built on top of Hadoop such Tez and any other open 
source project that packages its own guava. 

For example, this is the error I get while running test cases on Tez (running 
guava 11.0.2).
{code:java}
[ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.136 s 
<<< FAILURE! - in org.apache.tez.dag.app.TestSpeculation
[ERROR] org.apache.tez.dag.app.TestSpeculation Time elapsed: 0.136 s <<< ERROR!
java.lang.NoSuchMethodError: 
com.google.common.base.Preconditions.checkArgument(ZLjava/lang/String;Ljava/lang/Object;)V
at 
org.apache.tez.dag.app.TestSpeculation.setupSpeculation(TestSpeculation.java:86)
{code}
It looks like guava added single parameter optimizations which breaks 
compatibility with VAR_ARGS. So, even though it shows source compatibility it 
is going to throw a runtime error due to binary incompatibility.

Generally speaking, what would be the best path moving forward when such 
updates are introduced to the trunk? How can we carry that update seamlessly to 
open source products as well?

> Update guava to 27.0-jre in hadoop-project trunk
> ------------------------------------------------
>
>                 Key: HADOOP-16210
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16210
>             Project: Hadoop Common
>          Issue Type: Sub-task
>    Affects Versions: 3.3.0
>            Reporter: Gabor Bota
>            Assignee: Gabor Bota
>            Priority: Critical
>             Fix For: 3.3.0
>
>         Attachments: HADOOP-16210.001.patch, 
> HADOOP-16210.002.findbugsfix.wip.patch, HADOOP-16210.002.patch, 
> HADOOP-16210.003.patch
>
>
> com.google.guava:guava should be upgraded to 27.0-jre due to new CVE's found 
> CVE-2018-10237.
> This is a sub-task for trunk from HADOOP-15960 to track issues with that 
> particular branch.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to