You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by GitBox <gi...@apache.org> on 2022/06/28 02:05:50 UTC

[GitHub] [hadoop] iwasakims commented on a diff in pull request #4506: YARN-11199. Replace htrace-core with hbase-noop-htrace

iwasakims commented on code in PR #4506:
URL: https://github.com/apache/hadoop/pull/4506#discussion_r907956267


##########
hadoop-project/pom.xml:
##########
@@ -1687,8 +1699,19 @@
             <groupId>jdk.tools</groupId>
             <artifactId>jdk.tools</artifactId>
           </exclusion>
+          <!-- replace htrace-core with hbase-noop-htrace for CVE-2018-7489 -->
+          <exclusion>
+            <groupId>org.apache.htrace</groupId>
+            <artifactId>htrace-core</artifactId>
+          </exclusion>
         </exclusions>
       </dependency>
+      <!-- replace htrace-core with hbase-noop-htrace for CVE-2018-7489 -->
+      <dependency>
+        <groupId>org.apache.hbase.thirdparty</groupId>
+        <artifactId>hbase-noop-htrace</artifactId>
+        <version>4.1.1</version>

Review Comment:
   This looks based on HTrace 4 which is completely incompatible with HTrace 3. (like org.apache.htrace vs. org.apache.htrace.core). Did you see no issue on running timelineservice with this?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org