snmvaughan commented on PR #4491:
URL: https://github.com/apache/hadoop/pull/4491#issuecomment-1167837080
HTrace is a transitive dependency that is pulled in from HBase. You can
find htrace-core in our current 3.3.3 distribution, and I checked that it is
also included in a build from trunk. I've submitted YARN-11199 against trunk
to specifically target replacement of htrace-core with hbase-noop-htrace.
________________________________
From: Steve Loughran ***@***.***>
Sent: Monday, June 27, 2022 2:30 PM
To: apache/hadoop ***@***.***>
Cc: Steve Vaughan ***@***.***>; Author ***@***.***>
Subject: Re: [apache/hadoop] HADOOP-18311. Upgrade dependencies to address
several CVEs (PR #4491)
1. I've cherrypicked the aws sdk update we'd had in branch-3.3.
2. the jquery stuff should all be good now.
3. if htrace is still visible then that's a problem across the branches.
is it getting in to the distribution, or is it a transitive dependency of
something (test jar?) we don't distribute but do publish on maven.
4. jetty will need to be reviewed carefully.
I am away for a week and want to make a release next week which is up to
date security wise but not going to cause regressions. please can people sort
htrace/jetty stuff out this week so everything is ready then. thanks
—
Reply to this email directly, view it on
GitHub<https://github.com/apache/hadoop/pull/4491#issuecomment-1167721883>, or
unsubscribe<https://github.com/notifications/unsubscribe-auth/AAC3RCCPDEQF6N6UKHZHVN3VRHXM5ANCNFSM5ZR5VUQA>.
You are receiving this because you authored the thread.Message ID:
***@***.***>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
