[
https://issues.apache.org/jira/browse/HBASE-23869?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17040709#comment-17040709
]
Norbert Kalmár commented on HBASE-23869:
----------------------------------------
With 2.2.z I did not test. And I just checked, the CVEs are not valid for the
current hbase-thirdparty master repo is using of hbase-connectors (guava is
fine with v27.1 and the other CVE I had is not even present in thirdparty
2.2.1).
I'm closing this issue, as the upgrade is not justified as far as I know
(sorry, I thought this has an active CVE on guava and jetty).
> Upgrade hbase-thirdparty to 3.2.0 to match hbase master branch
> --------------------------------------------------------------
>
> Key: HBASE-23869
> URL: https://issues.apache.org/jira/browse/HBASE-23869
> Project: HBase
> Issue Type: Improvement
> Components: dependencies
> Affects Versions: connector-1.0.0
> Reporter: Norbert Kalmár
> Assignee: Norbert Kalmár
> Priority: Major
> Fix For: connector-1.0.1
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
