[ https://issues.apache.org/jira/browse/HBASE-26903?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Kyle Purtell updated HBASE-26903:
----------------------------------------
Description:
Dependabot auto-generated dependency upgrade:
https://github.com/apache/hbase/pull/4291
We can't accept the dependabot PR as-is because it causes a unit test failure.
Bump the dependency and fix the test by hand.
There is a comment in our POM indicating this is a known issue:
{noformat}
<!-- Updating the httpclient will break hbase-rest. It writes out URLs with '//' in it
especially when writing out 'no column families'. Later httpclients collapse the '//'
into single '/' as double-slash is not legal in an URL. Breaks #testDelete in
TestRemoteTable. -->
{noformat}
Staying back on a version of httpclient with CVE listed vulnerabilities just
for this isn't a good option.
was:
Dependabot auto-generated dependency upgrade:
https://github.com/apache/hbase/pull/4291
We can't accept the dependabot PR as-is because it causes a unit test failure.
Bump the dependency and fix the test by hand.
There is a comment in our POM indicating this is a known issue:
{code}
<!-- Updating the httpclient will break hbase-rest. It writes out URLs with '//' in it
especially when writing out 'no column families'. Later httpclients collapse the '//'
into single '/' as double-slash is not legal in an URL. Breaks #testDelete in
TestRemoteTable. -->
{code}
Staying back on a version of httpclient with CVE listed vulnerabilities just
for this isn't a good option.
> Bump httpclient from 4.5.3 to 4.5.13
> ------------------------------------
>
> Key: HBASE-26903
> URL: https://issues.apache.org/jira/browse/HBASE-26903
> Project: HBase
> Issue Type: Task
> Reporter: Andrew Kyle Purtell
> Assignee: Andrew Kyle Purtell
> Priority: Minor
> Fix For: 2.5.0, 3.0.0-alpha-3, 2.4.12
>
>
> Dependabot auto-generated dependency upgrade:
> https://github.com/apache/hbase/pull/4291
> We can't accept the dependabot PR as-is because it causes a unit test
> failure. Bump the dependency and fix the test by hand.
> There is a comment in our POM indicating this is a known issue:
> {noformat}
> <!-- Updating the httpclient will break hbase-rest. It writes out URLs with '//' in it
> especially when writing out 'no column families'. Later httpclients collapse the '//'
> into single '/' as double-slash is not legal in an URL. Breaks #testDelete in
> TestRemoteTable. -->
> {noformat}
> Staying back on a version of httpclient with CVE listed vulnerabilities just
> for this isn't a good option.