Thanks for the pointers. If anyone remembers what the problem was, can you share that ? I can see the known commons-cli ambiguous varargs issue on build, which is trivial to fix. Maybe there are others...
Istvan On Wed, Mar 19, 2025 at 4:18 PM Nick Dimiduk <ndimi...@apache.org> wrote: > I'm looking at the repo in github and I see that both branch-2 and > branch-2.6 have hbase-thirdparty at 4.1.10, via HBASE-29086. > > My recollection is that there's an incompatibility that prevents > upgrading it for branch-2.5. Given that there's still life in 2.5, it > would be good to get this sorted. > > On Wed, Mar 19, 2025 at 9:16 AM Istvan Toth <st...@apache.org> wrote: > > > > Hi! > > > > I've recently run some static checkers on 2.5.11, and found a few CVEs in > > thirdparty. > > branch-2 still uses thirdparty 4.1.5, which is quite old. > > > > Is there a specific reason why thirdparty wasn't updated on branch-2.x ? > > > > If 4.1.6 is for some reason incompatible with branch-2, we should still > > release something that fixes the CVEs on branch-2. (Maybe 4.1.5.x ?) > > > > Istvan > -- *István Tóth* | Sr. Staff Software Engineer *Email*: st...@cloudera.com cloudera.com <https://www.cloudera.com> [image: Cloudera] <https://www.cloudera.com/> [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: Cloudera on LinkedIn] <https://www.linkedin.com/company/cloudera> ------------------------------ ------------------------------
