You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Duo Zhang (Jira)" <ji...@apache.org> on 2022/10/06 09:54:00 UTC

[jira] [Resolved] (HBASE-27412) [hbase-thirdparty] Bump dependency versions in hbase-thirdparty

     [ https://issues.apache.org/jira/browse/HBASE-27412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Duo Zhang resolved HBASE-27412.
-------------------------------
    Hadoop Flags: Reviewed
    Release Note: 
protobuf 3.21.1 -> 3.21.7
netty 4.1.78.Final -> 3.1.82.Final
error prone annotation 2.14.0 0> 2.15.0
gson 2.9.0 -> 2.9.1
jetty 9.4.46.v20220331 -> 9.4.49.v20220914
jersey 2.36 -> 2.37
jackson 2.13.3 -> 2.13.4
      Resolution: Fixed

Merged to master.

Thanks [~apurtell] for reviewing!

> [hbase-thirdparty] Bump dependency versions in hbase-thirdparty
> ---------------------------------------------------------------
>
>                 Key: HBASE-27412
>                 URL: https://issues.apache.org/jira/browse/HBASE-27412
>             Project: HBase
>          Issue Type: Task
>          Components: dependencies, security, thirdparty
>            Reporter: Duo Zhang
>            Assignee: Duo Zhang
>            Priority: Major
>             Fix For: thirdparty-4.1.2
>
>
> There are several security issues in our dependencies, for example
> https://nvd.nist.gov/vuln/detail/CVE-2022-42004
> Let's bump the dependencies.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)