adoroszlai commented on a change in pull request #1472: HDDS-2150. Update dependency versions to avoid security vulnerabilities. URL: https://github.com/apache/hadoop/pull/1472#discussion_r326073658
########## File path: pom.ozone.xml ########## @@ -127,6 +127,9 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs <jackson.version>1.9.13</jackson.version> <jackson2.version>2.9.9</jackson2.version> + <!-- jaegertracing veresion --> + <jaeger.version>1.0.0</jaeger.version> Review comment: Jaeger 1.0 depends on newer OpenTracing (0.33), which is not backwards compatible. https://github.com/opentracing/opentracing-java/pull/339 https://github.com/opentracing/opentracing-java#deprecated-members-since-031 `hadoop-hdds-common` compiles only due to explicit dependency on `opentracing-util` 0.31.0. However, it fails at runtime with [`NoSuchMethodError`](https://github.com/elek/ozone-ci/blob/259712a9df53dd8531786e23676ebed13f527918/pr/pr-hdds-2150-pzdq9/integration/hadoop-ozone/ozonefs/org.apache.hadoop.fs.ozone.contract.ITestOzoneContractDistCp.txt#L6). For the security fix I think it is enough to upgrade to Jaeger 0.34, which [updated Apache Thrift to 0.12](https://github.com/jaegertracing/jaeger-client-java/blob/136a849202e8d0a95e007e6faae38f1519cdba55/build.gradle#L22). [Latest Jaeger Client release](https://github.com/jaegertracing/jaeger-client-java/releases/latest) 0.35.2 should be OK, too, as it depends on OpenTracing 0.32, which still has the deprecated methods. In this case OpenTracing version should be changed to 0.32.0. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
