[jira] [Commented] (HBASE-22130) [hbase-thirdparty] Upgrade thirdparty dependencies

Duo Zhang (JIRA) Fri, 29 Mar 2019 18:17:14 -0700


    [ 
https://issues.apache.org/jira/browse/HBASE-22130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16805574#comment-16805574
 ]


Duo Zhang commented on HBASE-22130:
-----------------------------------

[~stack] I think we'd better exclude several transitive dependencies from 
guava, as we did before. Let me polish the patch~

> [hbase-thirdparty] Upgrade thirdparty dependencies
> --------------------------------------------------
>
>                 Key: HBASE-22130
>                 URL: https://issues.apache.org/jira/browse/HBASE-22130
>             Project: HBase
>          Issue Type: Task
>          Components: thirdparty
>            Reporter: Duo Zhang
>            Assignee: stack
>            Priority: Major
>         Attachments: 
> 0001-HBASE-22130-hbase-thirdparty-Upgrade-thirdparty-depe.patch
>
>
> First guava has a CVE so we need to upgrade to at least 26.0, better to the 
> newest 27.1.
> And we can also upgrade the other dependencies to the newest version at the 
> same time.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (HBASE-22130) [hbase-thirdparty] Upgrade thirdparty dependencies

Reply via email to