[
https://issues.apache.org/jira/browse/HBASE-26903?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17514178#comment-17514178
]
Andrew Kyle Purtell commented on HBASE-26903:
---------------------------------------------
This looks promising.
https://stackoverflow.com/questions/54591140/apache-http-client-stop-removing-double-slashes-from-url
-->
https://hc.apache.org/httpcomponents-client-4.5.x/current/httpclient/apidocs/org/apache/http/client/config/RequestConfig.Builder.html#setNormalizeUri(boolean)
> Bump httpclient from 4.5.3 to 4.5.13
> ------------------------------------
>
> Key: HBASE-26903
> URL: https://issues.apache.org/jira/browse/HBASE-26903
> Project: HBase
> Issue Type: Task
> Reporter: Andrew Kyle Purtell
> Assignee: Andrew Kyle Purtell
> Priority: Minor
> Fix For: 2.5.0, 3.0.0-alpha-3, 2.4.12
>
>
> Dependabot auto-generated dependency upgrade:
> https://github.com/apache/hbase/pull/4291
> We can't accept the dependabot PR as-is because it causes a unit test
> failure. Bump the dependency and fix the test by hand.
> There is a comment in our POM indicating this is a known issue:
> {noformat}
> <!-- Updating the httpclient will break hbase-rest. It writes out URLs
> with '//' in it
>
> especially when writing out 'no column families'. Later httpclients
> collapse the '//'
>
> into single '/' as double-slash is not legal in an URL. Breaks
> #testDelete in
>
> TestRemoteTable. -->
> {noformat}
> Staying back on a version of httpclient with CVE listed vulnerabilities just
> for this isn't a good option.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
