Hello Joe McDonnell, Impala Public Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/15829
to look at the new patch set (#3).
Change subject: IMPALA-9648: Exclude/ban netty-all from mvn download
......................................................................
IMPALA-9648: Exclude/ban netty-all from mvn download
netty-all 4.1.44 (and earlier) has known security issues. Exclude it
from hadoop*, and ensure it's banned by using maven-enforcer-plugin.
An earlier attempt (since reverted) had also tried to ban netty 3.10.5,
which also shows up in security scans, but since that jar is present in
some environments, banning it will cause builds to fail. There may be
a follow-up patch to address netty separately.
Tested by cherry-picking this patch onto cdpd-master and making sure
that the build is still successful.
Change-Id: Ie7d61af3c10ee439ca9eef3840403229e6235c97
---
M fe/pom.xml
1 file changed, 36 insertions(+), 0 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/29/15829/3
--
To view, visit http://gerrit.cloudera.org:8080/15829
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ie7d61af3c10ee439ca9eef3840403229e6235c97
Gerrit-Change-Number: 15829
Gerrit-PatchSet: 3
Gerrit-Owner: David Knupp <[email protected]>
Gerrit-Reviewer: David Knupp <[email protected]>
Gerrit-Reviewer: Impala Public Jenkins <[email protected]>
Gerrit-Reviewer: Joe McDonnell <[email protected]>
