hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-18891) Upgrade netty-all jar
Date Wed, 10 Jan 2018 19:35:03 GMT

    [ https://issues.apache.org/jira/browse/HBASE-18891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16320933#comment-16320933

Josh Elser commented on HBASE-18891:

Any feedback from folks on this one? I'd like to make sure I actually get this committed before
I forget about it for another few months. [~apurtell] for a 1.3. Not sure if [~busbey] is
watching lists close enough to weigh in for a 1.2 commit (maybe [~stack] or [~mdrob] in his
IRL absence?).

tl;dr we bumped to a sufficiently newer version of netty-all to avoid a ding by security scans
on public CVEs, but not _so_ new as the newest version of netty-all included java8 compiled
classes in the jar (which would break out java7 compat statement).

> Upgrade netty-all jar
> ---------------------
>                 Key: HBASE-18891
>                 URL: https://issues.apache.org/jira/browse/HBASE-18891
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Critical
>             Fix For: 1.3.2, 1.2.8
>         Attachments: HBASE-18891.001.branch-1.3.patch, HBASE-18891.002.branch-1.3.patch,
HBASE-18891.002.branch-1.3.patch, HBASE-18891.002.branch-1.3.patch, HBASE-18891.003.branch-1.3.patch
> Upgrade netty-all jar to 4.0.37.Final version to fix latest vulnerabilities reported.

This message was sent by Atlassian JIRA

View raw message