[
https://issues.apache.org/jira/browse/HBASE-29792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18054506#comment-18054506
]
Andrew Kyle Purtell commented on HBASE-29792:
---------------------------------------------
This change breaks release builds from branch-2.5, and probably branch-2.6.
The issue happens in the test-aggregate-no-fork phase of mvn site. To
reproduce, use Java 8 to build, as is required for branch-2.5 and branch-2.6:
mvn clean install -DskipTests # populate the maven cache like create-release
does
mvn site -DskipTests # execute the site target like create-release does
You will see a failure like:
[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-site-plugin:3.12.0:site (default-site) on
project hbase: E
rror generating maven-javadoc-plugin:3.4.0:test-aggregate-no-fork report:
...
followed by numerous lines of output that are normally only logged at WARNING
but now are logged at ERROR. There is something about this dependency change
that is unclear, to me at least, but yet impactful, breaking the builds.
> Bump org.apache.logging.log4j:log4j-core from 2.17.2 to 2.25.3
> --------------------------------------------------------------
>
> Key: HBASE-29792
> URL: https://issues.apache.org/jira/browse/HBASE-29792
> Project: HBase
> Issue Type: Task
> Components: dependabot, dependencies, logging, security
> Reporter: Duo Zhang
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.7.0, 3.0.0-beta-2, 2.6.5, 2.5.14
>
>
> For addressing CVE-2025-68161.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
