[ https://issues.apache.org/jira/browse/HBASE-28410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17928592#comment-17928592 ]
Hudson commented on HBASE-28410: -------------------------------- Results for branch branch-3 [build #384 on builds.a.o|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-3/384/]: (x) *{color:red}-1 overall{color}* ---- details (if available): (/) {color:green}+1 general checks{color} -- For more information [see general report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-3/384/General_20Nightly_20Build_20Report/] (x) {color:red}-1 jdk17 hadoop3 checks{color} -- For more information [see jdk17 report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-3/384/JDK17_20Nightly_20Build_20Report_20_28Hadoop3_29/] (/) {color:green}+1 jdk17 hadoop ${HADOOP_THREE_VERSION} backward compatibility checks{color} -- For more information [see jdk17 report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-3/384/JDK17_20Nightly_20Build_20Report_20_28Hadoop3_29/] (/) {color:green}+1 jdk17 hadoop ${HADOOP_THREE_VERSION} backward compatibility checks{color} -- For more information [see jdk17 report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-3/384/JDK17_20Nightly_20Build_20Report_20_28Hadoop3_29/] (/) {color:green}+1 jdk17 hadoop ${HADOOP_THREE_VERSION} backward compatibility checks{color} -- For more information [see jdk17 report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-3/384/JDK17_20Nightly_20Build_20Report_20_28Hadoop3_29/] (x) {color:red}-1 source release artifact{color} -- Something went wrong with this stage, [check relevant console output|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-3/384//console]. (x) {color:red}-1 client integration test{color} -- Something went wrong with this stage, [check relevant console output|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-3/384//console]. > Upgrade curator to 5.7.1 > ------------------------ > > Key: HBASE-28410 > URL: https://issues.apache.org/jira/browse/HBASE-28410 > Project: HBase > Issue Type: Improvement > Components: Zookeeper > Reporter: Istvan Toth > Assignee: Dávid Paksy > Priority: Minor > Labels: pull-request-available > Fix For: 2.7.0, 3.0.0-beta-2, 2.6.3, 2.5.12 > > > HBase still uses Curator 4.2.0, -because it's the last version to support ZK > 3.4.- > Now that, with HBASE-28153, HBase uses a recent ZK, we can use the latest > Curator. > Also, curator 4.2.0 has multiple indirect vulnerabilities as per > https://mvnrepository.com/artifact/org.apache.curator/curator-client/4.2.0 > Vulnerabilities from dependencies: > * CVE-2023-44981 > * CVE-2023-2976 > * CVE-2022-4065 > * CVE-2020-8908 > * CVE-2019-0201 -- This message was sent by Atlassian Jira (v8.20.10#820010)