[ https://issues.apache.org/jira/browse/ZOOKEEPER-2360?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Patrick Hunt updated ZOOKEEPER-2360:
------------------------------------
    Attachment: ZOOKEEPER-2360.patch

ZOOKEEPER-2360.patch is for trunk and branch-3.5; looks like I'll need to 
adjust it a bit for branch-3.4.

> Update commons collections version used by tests/releaseaudit
> -------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2360
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2360
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 3.4.7, 3.5.1
>            Reporter: Patrick Hunt
>            Assignee: Patrick Hunt
>            Priority: Blocker
>             Fix For: 3.4.8, 3.5.2
>
>         Attachments: ZOOKEEPER-2360.patch
>
>
> I don't believe this affects us from a security perspective directly, however 
> it's something we should clean up in our next release.
> Afaict the only commons we use for shipping/production code is commons-cli. 
> Our two release branches, 3.4 and 3.5, neither of them use 
> commons-collections. I looked at the binary release artifact and it doesn't 
> include the commons collections jar.
> We do have a test that uses CollectionsUtils, but no shipping code. I 
> downloaded our 3.4 and 3.5 artifacts, this is all I see:
> phunt:~/Downloads/zd/5/zookeeper-3.5.1-alpha$ grep -R "org.apache.commons.collections" .
> ./src/java/test/org/apache/zookeeper/RemoveWatchesTest.java:import org.apache.commons.collections.CollectionUtils;
> phunt:~/Downloads/zd/5/zookeeper-3.5.1-alpha$
> Also in our ivy file we have
>     <dependency org="org.apache.rat" name="apache-rat-tasks"
>                 rev="0.10" conf="releaseaudit->default"/>
>     <dependency org="commons-lang" name="commons-lang"
>                 rev="2.6" conf="releaseaudit->default"/>
>     <dependency org="commons-collections" name="commons-collections"
>                 rev="3.2.1" conf="releaseaudit->default"/>
> So commons-collections is pulled in - but only for the release audit, which 
> is something we do as a build verification activity but not part of the 
> product itself.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
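
The scoping check described in the issue (which Ivy configurations pull in a dependency, and whether any of them reaches the shipped product) can be automated. The following is an added example, not part of the original message or the ZooKeeper build: the `commons-cli` entry with its placeholder `rev` and `default` conf, the `BUILD_ONLY_CONFS` set, and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed ivy.xml fragment: the three releaseaudit entries are the ones
# quoted in the issue; the commons-cli entry, its rev and its "default" conf
# are placeholders added for contrast.
IVY_XML = """
<ivy-module version="2.0">
  <dependencies>
    <dependency org="commons-cli" name="commons-cli"
                rev="PLACEHOLDER" conf="default"/>
    <dependency org="org.apache.rat" name="apache-rat-tasks"
                rev="0.10" conf="releaseaudit->default"/>
    <dependency org="commons-lang" name="commons-lang"
                rev="2.6" conf="releaseaudit->default"/>
    <dependency org="commons-collections" name="commons-collections"
                rev="3.2.1" conf="releaseaudit->default"/>
  </dependencies>
</ivy-module>
"""

# Assumption: confs used only for build verification, never packaged.
BUILD_ONLY_CONFS = {"releaseaudit", "test"}


def module_confs(conf_attr):
    """Module-side confs of an Ivy mapping: 'a,b->c;d->e' gives a, b, d."""
    confs = set()
    for mapping in conf_attr.split(";"):
        left = mapping.split("->", 1)[0]
        confs.update(c.strip() for c in left.split(",") if c.strip())
    return confs


def classify(ivy_xml, build_only=BUILD_ONLY_CONFS):
    """Map 'org:name:rev' to 'shipping' or 'build-only'."""
    result = {}
    for dep in ET.fromstring(ivy_xml).iter("dependency"):
        # No conf attribute, or "*", is treated as reaching every conf.
        confs = module_confs(dep.get("conf", "*"))
        scope = "build-only" if confs and confs <= build_only else "shipping"
        key = "{}:{}:{}".format(dep.get("org"), dep.get("name"), dep.get("rev"))
        result[key] = scope
    return result


if __name__ == "__main__":
    for dep, scope in sorted(classify(IVY_XML).items()):
        print("{:<12} {}".format(scope, dep))
```

This covers only what the Ivy file declares; the grep over the release artifact shown in the issue is still needed to confirm what was actually packaged.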
