[ 
https://issues.apache.org/jira/browse/HBASE-23828?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Norbert Kalmár updated HBASE-23828:
-----------------------------------
    Description: 
<hadoop.guava.version>11.0.2</hadoop.guava.version> 
is still used in hbase-backup, I missed it at first...
So, this should be either updated or removed. 
Checking which is feasible...

  was:
<hadoop.guava.version>11.0.2</hadoop.guava.version> is not used anywhere. It 
was added in 
https://github.com/apache/hbase/commit/0e95a8a0ae24b0d19b391d49794d6716a8e86bcd 
, when hbase-backup was using it. When it got removed in hbase-backup, this was 
forgotten. Static analyzers is now flagging hbase as there is a CVE for guava 
older versions.

Fix: just remove it from pom.xml



> Remove unused hadoop.guava.version from pom.xml
> -----------------------------------------------
>
>                 Key: HBASE-23828
>                 URL: https://issues.apache.org/jira/browse/HBASE-23828
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Norbert Kalmár
>            Assignee: Norbert Kalmár
>            Priority: Major
>
> <hadoop.guava.version>11.0.2</hadoop.guava.version> 
> is still used in hbase-backup, I missed it at first...
> So, this should be either updated or removed. 
> Checking which is feasible...



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to