Rajeshbabu Chintaguntla created HBASE-27694:
-----------------------------------------------
Summary: Exclude the older versions of netty pulling from Hadoop
dependencies
Key: HBASE-27694
URL: https://issues.apache.org/jira/browse/HBASE-27694
Project: HBase
Issue Type: Bug
Reporter: Rajeshbabu Chintaguntla
Assignee: Rajeshbabu Chintaguntla
Currently the netty version of 3.10.6 is getting pulled from hdfs dependencies
and sonatype kind of tools reporting the CVEs in HBase. To get rid of this
better to exclude netty where hdfs or mapred client jars used.
* org.apache.hbase : hbase-it : jar : tests : 2.5.2
** org.apache.hadoop : hadoop-mapreduce-client-core : 3.2.2
*** io.netty : netty : 3.10.6.final
** org.apache.hbase : hbase-endpoint : 2.5.2
*** org.apache.hadoop : hadoop-hdfs : jar : tests : 3.2.2
**** io.netty : netty : 3.10.6.final
*** org.apache.hadoop : hadoop-hdfs : 3.2.2
**** io.netty : netty : 3.10.6.final
* org.apache.hadoop : hadoop-mapreduce-client-jobclient : 3.2.2
** io.netty : netty : 3.10.6.final
** org.apache.hadoop : hadoop-mapreduce-client-common : 3.2.2
*** io.netty : netty : 3.10.6.final
* org.apache.hadoop : hadoop-mapreduce-client-jobclient : jar : tests : 3.2.2
** io.netty : netty : 3.10.6.final
* org.apache.hadoop : hadoop-mapreduce-client-hs : 3.2.2
** io.netty : netty : 3.10.6.final
** org.apache.hadoop : hadoop-mapreduce-client-app : 3.2.2
*** io.netty : netty : 3.10.6.final
*** org.apache.hadoop : hadoop-mapreduce-client-shuffle : 3.2.2
**** io.netty : netty : 3.10.6.final
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
