[ 
https://issues.apache.org/jira/browse/HADOOP-18224?focusedWorklogId=770604&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-770604
 ]

ASF GitHub Bot logged work on HADOOP-18224:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 15/May/22 18:42
            Start Date: 15/May/22 18:42
    Worklog Time Spent: 10m 
      Work Description: virajjasani commented on PR #4267:
URL: https://github.com/apache/hadoop/pull/4267#issuecomment-1126994284

   > Hi, @[aajisaka](https://github.com/aajisaka) I am fixing the Javadoc 
problem of hadoop-common, it is expected to be fixed in a few days (2-3 days) 
4292-pr #4292
   
   @slfan1989 Both PRs (#4292 and current PR #4267) have different purposes. For 
this PR, we are bumping maven compiler and javadoc plugin to avoid pulling-in 
vulnerable log4j dependencies (also, these plugin versions that we are using 
are almost a decade old). As part of javadoc plugin upgrade, we are seeing new 
javadoc errors, whereas on PR #4292, several existing Javadoc errors are being 
resolved, which is great. But once this PR gets in, we would see a few more 
additional errors for both Java 8 and 11 builds.
   
   > Maybe the tag check become more strict. We can fix them in separate issues.
   
   I agree with @aajisaka that these new errors should be fixed in separate 
Jiras. And also the fact that tag checks have become stricter and are resulting 
in new Javadoc errors.
   
   If this PR gets merged first and then if we retrigger Jenkins build on PR 
#4292, we would see new errors.




Issue Time Tracking
-------------------

    Worklog Id:     (was: 770604)
    Time Spent: 4h  (was: 3h 50m)

> Upgrade maven compiler plugin to 3.10.1 and maven javadoc plugin to 3.4.0
> -------------------------------------------------------------------------
>
>                 Key: HADOOP-18224
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18224
>             Project: Hadoop Common
>          Issue Type: Task
>            Reporter: Viraj Jasani
>            Assignee: Viraj Jasani
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 4h
>  Remaining Estimate: 0h
>
> Currently we are using maven-compiler-plugin 3.1 version, which is quite old 
> (2013) and it's also pulling in vulnerable log4j dependency:
> {code:java}
> [INFO]    org.apache.maven.plugins:maven-compiler-plugin:maven-plugin:3.1:runtime
> [INFO]       org.apache.maven.plugins:maven-compiler-plugin:jar:3.1
> [INFO]       org.apache.maven:maven-plugin-api:jar:2.0.9
> [INFO]       org.apache.maven:maven-artifact:jar:2.0.9
> [INFO]       org.codehaus.plexus:plexus-utils:jar:1.5.1
> [INFO]       org.apache.maven:maven-core:jar:2.0.9
> [INFO]       org.apache.maven:maven-settings:jar:2.0.9
> [INFO]       org.apache.maven:maven-plugin-parameter-documenter:jar:2.0.9
> ...
> ...
> ...
> [INFO]       log4j:log4j:jar:1.2.12
> [INFO]       commons-logging:commons-logging-api:jar:1.1
> [INFO]       com.google.collections:google-collections:jar:1.0
> [INFO]       junit:junit:jar:3.8.2
>  {code}
>  
> We should upgrade to 3.10.1 (latest Mar, 2022) version of 
> maven-compiler-plugin.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
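
Added example (not part of the original message or of the Hadoop project): a small checker that reads plugin dependency listings in the format quoted in the issue description and reports which build plugin pulls in a flagged artifact. The sample input is constructed, `com.example.build:demo-plugin` is a hypothetical plugin, the flag list (any `log4j:log4j` 1.x) is an assumption, and the listing is assumed to come from a goal such as `mvn dependency:resolve-plugins`.

```python
import re

# Constructed sample in the format shown in the issue description
# (plugin header line, then its resolved dependencies indented below it).
SAMPLE = """\
[INFO]    org.apache.maven.plugins:maven-compiler-plugin:maven-plugin:3.1:runtime
[INFO]       org.apache.maven.plugins:maven-compiler-plugin:jar:3.1
[INFO]       org.apache.maven:maven-plugin-api:jar:2.0.9
...
[INFO]       log4j:log4j:jar:1.2.12
[INFO]       junit:junit:jar:3.8.2
[INFO]    com.example.build:demo-plugin:maven-plugin:1.0:runtime
[INFO]       org.codehaus.plexus:plexus-utils:jar:3.4.1
"""

# Assumption: flag every log4j:log4j 1.x version. Extend with other
# (groupId, artifactId) -> version-pattern pairs as needed.
FLAGGED = {("log4j", "log4j"): re.compile(r"^1\.")}

# groupId:artifactId:type:version with an optional trailing :scope
COORD = re.compile(
    r"^\[INFO\]\s+([\w.\-]+):([\w.\-]+):([\w\-]+):([\w.\-]+)(?::(\w+))?\s*$"
)


def flagged_plugin_deps(text):
    """Map 'group:artifact:version' of each plugin to the flagged artifacts it resolves."""
    findings = {}
    current_plugin = None
    for line in text.splitlines():
        m = COORD.match(line)
        if not m:
            continue  # banners, "..." elisions, blank lines
        group, artifact, kind, version, _scope = m.groups()
        if kind == "maven-plugin":
            # A plugin header starts a new section; later lines belong to it.
            current_plugin = f"{group}:{artifact}:{version}"
            continue
        if current_plugin is None:
            continue  # dependency line seen before any plugin header
        rule = FLAGGED.get((group, artifact))
        if rule and rule.match(version):
            findings.setdefault(current_plugin, []).append(
                f"{group}:{artifact}:{version}"
            )
    return findings


if __name__ == "__main__":
    for plugin, deps in flagged_plugin_deps(SAMPLE).items():
        print(f"{plugin} pulls in: {', '.join(deps)}")
```

Run over the listing before and after a plugin version bump, an empty result for the upgraded plugin confirms the flagged artifact is no longer resolved through it.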
