You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Ashwini Soni (Jira)" <ji...@apache.org> on 2024/04/13 12:06:00 UTC
[jira] [Created] (HBASE-28520) CVE-2024-29131 resolution
Ashwini Soni created HBASE-28520:
------------------------------------
Summary: CVE-2024-29131 resolution
Key: HBASE-28520
URL: https://issues.apache.org/jira/browse/HBASE-28520
Project: HBase
Issue Type: Bug
Reporter: Ashwini Soni
The CVE-2024-29131 is related to the package org.apache.commons:commons-configuration2. The current version used is 2.1.1. This needs to be upgraded to 2.10.1.
I tried upgrading it. When commons-configuration2 is upgraded to 2.10.1 then the below error occurs in hbase-master:
Exception in thread "main" java.lang.NoSuchMethodError: org.apache.commons.text.lookup.StringLookupFactory.base64DecoderStringLookup()Lorg/apache/commons/text/lookup/StringLookup;
at org.apache.commons.configuration2.interpol.DefaultLookups.<clinit>(DefaultLookups.java:68)
at org.apache.commons.configuration2.interpol.ConfigurationInterpolator$DefaultPrefixLookupsHolder.createDefaultLookups(ConfigurationInterpolator.java:647)
at org.apache.commons.configuration2.interpol.ConfigurationInterpolator$DefaultPrefixLookupsHolder.<init>(ConfigurationInterpolator.java:627)
at org.apache.commons.configuration2.interpol.ConfigurationInterpolator$DefaultPrefixLookupsHolder.<clinit>(ConfigurationInterpolator.java:614)
at org.apache.commons.configuration2.interpol.ConfigurationInterpolator.getDefaultPrefixLookups(ConfigurationInterpolator.java:290)
at org.apache.commons.configuration2.AbstractConfiguration.installDefaultInterpolator(AbstractConfiguration.java:378)
at org.apache.commons.configuration2.AbstractConfiguration.<init>(AbstractConfiguration.java:125)
at org.apache.commons.configuration2.BaseConfiguration.<init>(BaseConfiguration.java:36)
at org.apache.commons.configuration2.PropertiesConfiguration.<init>(PropertiesConfiguration.java:1060)
at org.apache.hadoop.metrics2.impl.MetricsConfig.loadFirst(MetricsConfig.java:114)
at org.apache.hadoop.metrics2.impl.MetricsConfig.create(MetricsConfig.java:97)
at org.apache.hadoop.metrics2.impl.MetricsSystemImpl.configure(MetricsSystemImpl.java:482)
at org.apache.hadoop.metrics2.impl.MetricsSystemImpl.start(MetricsSystemImpl.java:188)
at org.apache.hadoop.metrics2.impl.MetricsSystemImpl.init(MetricsSystemImpl.java:163)
at org.apache.hadoop.metrics2.lib.DefaultMetricsSystem.init(DefaultMetricsSystem.java:62)
at org.apache.hadoop.metrics2.lib.DefaultMetricsSystem.initialize(DefaultMetricsSystem.java:58)
at org.apache.hadoop.hbase.metrics.BaseSourceImpl$DefaultMetricsSystemInitializer.init(BaseSourceImpl.java:54)
at org.apache.hadoop.hbase.metrics.BaseSourceImpl.<init>(BaseSourceImpl.java:112)
at org.apache.hadoop.hbase.metrics.ExceptionTrackingSourceImpl.<init>(ExceptionTrackingSourceImpl.java:47)
at org.apache.hadoop.hbase.thrift.MetricsThriftServerSourceImpl.<init>(MetricsThriftServerSourceImpl.java:54)
at org.apache.hadoop.hbase.thrift.MetricsThriftServerSourceFactoryImpl.createThriftOneSource(MetricsThriftServerSourceFactoryImpl.java:43)
at org.apache.hadoop.hbase.thrift.ThriftMetrics.<init>(ThriftMetrics.java:75)
at org.apache.hadoop.hbase.thrift.ThriftServer.createThriftMetrics(ThriftServer.java:200)
at org.apache.hadoop.hbase.thrift.ThriftServer.setupParamters(ThriftServer.java:228)
at org.apache.hadoop.hbase.thrift.ThriftServer.run(ThriftServer.java:830)
at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:76)
at org.apache.hadoop.hbase.thrift.ThriftServer.main(ThriftServer.java:861)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)