[
https://issues.apache.org/jira/browse/TEZ-4303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
László Bodor resolved TEZ-4303.
-------------------------------
Resolution: Fixed
> Exclude compile-time httpclient dependency from Tez
> ---------------------------------------------------
>
> Key: TEZ-4303
> URL: https://issues.apache.org/jira/browse/TEZ-4303
> Project: Apache Tez
> Issue Type: Bug
> Reporter: László Bodor
> Assignee: László Bodor
> Priority: Major
> Fix For: 0.10.2
>
> Attachments: dep_after_exclusion.log
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> Tez doesn't depend on org.apache.httpcomponents.httpclient directly. In order
> to avoid security warnings related to this component (e.g. CVE-2020-13956),
> we might exclude it.
> With exclusions, only test scoped dependency should remain in the tez
> dependency tree, like:
> {code}
> [INFO] +- org.apache.hadoop:hadoop-common:test-jar:tests:3.1.3:test
> [INFO] | +- org.apache.httpcomponents:httpclient:jar:4.5.2:test
> [INFO] | | \- org.apache.httpcomponents:httpcore:jar:4.4.4:test
> {code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
