apurtell opened a new pull request #4296:
URL: https://github.com/apache/hbase/pull/4296
Dependabot auto-generated a dependency upgrade (#4291) but we could not
merge that PR as-is because it caused a unit test failure. There is a comment
in our POM indicating this is a known issue:
<!-- Updating the httpclient will break hbase-rest. It writes out URLs with '//' in it
especially when writing out 'no column families'. Later httpclients collapse the '//'
into single '/' as double-slash is not legal in an URL. Breaks #testDelete in
TestRemoteTable. -->
However, staying back on a version of httpclient with CVE listed
vulnerabilities just for this isn't a good option.
This change bumps httpclient from 4.5.3 to 4.5.13 to avoid a CVE of medium
severity in this dependency.
Newer httpclient versions enable a URI normalization algorithm by default
that rewrites URIs in a way that breaks some forms of valid REST gateway
interactions, so this change also disables the unwanted behavior when building
the httpclient instance in `Client`.
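The normalization difference described in the pull request can be observed on the wire with the following added example; it is not code from the pull request or from HBase. It assumes httpclient 4.5.13 on the classpath, and the class name `NormalizeUriDemo`, the helper `pathSeenByServer` and the request path are constructed for illustration.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

public class NormalizeUriDemo {
  // Sends a DELETE for `path` to a throwaway local server and returns the raw
  // path the server actually received, so client-side rewriting becomes visible.
  static String pathSeenByServer(boolean normalize, String path) throws Exception {
    List<String> seen = new CopyOnWriteArrayList<>();
    HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
    server.createContext("/", exchange -> {
      seen.add(exchange.getRequestURI().getRawPath());
      exchange.sendResponseHeaders(200, -1); // -1: no response body
      exchange.close();
    });
    server.start();
    // The switch this page is about: URI normalization is on by default in
    // newer httpclient releases and is turned off per RequestConfig.
    RequestConfig config = RequestConfig.custom().setNormalizeUri(normalize).build();
    String url = "http://127.0.0.1:" + server.getAddress().getPort() + path;
    try (CloseableHttpClient client =
            HttpClients.custom().setDefaultRequestConfig(config).build();
        CloseableHttpResponse response = client.execute(new HttpDelete(url))) {
      EntityUtils.consume(response.getEntity());
    } finally {
      server.stop(0);
    }
    return seen.get(0);
  }

  public static void main(String[] args) throws Exception {
    // Constructed path with an empty segment ('//'), the shape the POM comment
    // says hbase-rest writes out when no column family is given.
    String path = "/exampleTable/exampleRow//1234567890";
    System.out.println("normalizeUri=true  -> " + pathSeenByServer(true, path));
    System.out.println("normalizeUri=false -> " + pathSeenByServer(false, path));
  }
}
```

Comparing the two printed paths shows whether the client rewrote the request target before sending it, which is the check to repeat after any future httpclient upgrade.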