[jira] [Work logged] (HADOOP-18224) Upgrade maven compiler plugin to 3.10.1

Thu, 19 May 2022 15:06:16 -0700 


     [ 
https://issues.apache.org/jira/browse/HADOOP-18224?focusedWorklogId=772616&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-772616
 ]

ASF GitHub Bot logged work on HADOOP-18224:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 19/May/22 22:05
            Start Date: 19/May/22 22:05
    Worklog Time Spent: 10m 
      Work Description: virajjasani commented on PR #4267:
URL: https://github.com/apache/hadoop/pull/4267#issuecomment-1132250322

   Recent 3 QA results from Jenkins have #4292 included. (Thanks for the nice 
cleanup @slfan1989)




Issue Time Tracking
-------------------

    Worklog Id:     (was: 772616)
    Time Spent: 6h 10m  (was: 6h)

> Upgrade maven compiler plugin to 3.10.1
> ---------------------------------------
>
>                 Key: HADOOP-18224
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18224
>             Project: Hadoop Common
>          Issue Type: Task
>            Reporter: Viraj Jasani
>            Assignee: Viraj Jasani
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 6h 10m
>  Remaining Estimate: 0h
>
> Currently we are using maven-compiler-plugin 3.1 version, which is quite old 
> (2013) and it's also pulling in vulnerable log4j dependency:
> {code:java}
> [INFO]    
> org.apache.maven.plugins:maven-compiler-plugin:maven-plugin:3.1:runtime
> [INFO]       org.apache.maven.plugins:maven-compiler-plugin:jar:3.1
> [INFO]       org.apache.maven:maven-plugin-api:jar:2.0.9
> [INFO]       org.apache.maven:maven-artifact:jar:2.0.9
> [INFO]       org.codehaus.plexus:plexus-utils:jar:1.5.1
> [INFO]       org.apache.maven:maven-core:jar:2.0.9
> [INFO]       org.apache.maven:maven-settings:jar:2.0.9
> [INFO]       org.apache.maven:maven-plugin-parameter-documenter:jar:2.0.9
> ...
> ...
> ...
> [INFO]       log4j:log4j:jar:1.2.12
> [INFO]       commons-logging:commons-logging-api:jar:1.1
> [INFO]       com.google.collections:google-collections:jar:1.0
> [INFO]       junit:junit:jar:3.8.2
>  {code}
>  
> We should upgrade to 3.10.1 (latest Mar, 2022) version of 
> maven-compiler-plugin.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to