[
https://issues.apache.org/jira/browse/HBASE-23828?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Norbert Kalmár updated HBASE-23828:
-----------------------------------
Description:
<hadoop.guava.version>11.0.2</hadoop.guava.version>
is still used in hbase-backup, I missed it at first...
So, this should be either updated or removed.
Checking which is feasible...
was:
<hadoop.guava.version>11.0.2</hadoop.guava.version> is not used anywhere. It
was added in
https://github.com/apache/hbase/commit/0e95a8a0ae24b0d19b391d49794d6716a8e86bcd
, when hbase-backup was using it. When it got removed in hbase-backup, this was
forgotten. Static analyzers is now flagging hbase as there is a CVE for guava
older versions.
Fix: just remove it from pom.xml
> Remove unused hadoop.guava.version from pom.xml
> -----------------------------------------------
>
> Key: HBASE-23828
> URL: https://issues.apache.org/jira/browse/HBASE-23828
> Project: HBase
> Issue Type: Improvement
> Reporter: Norbert Kalmár
> Assignee: Norbert Kalmár
> Priority: Major
>
> <hadoop.guava.version>11.0.2</hadoop.guava.version>
> is still used in hbase-backup, I missed it at first...
> So, this should be either updated or removed.
> Checking which is feasible...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
