You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Viraj Jasani (Jira)" <ji...@apache.org> on 2022/05/05 23:06:00 UTC

[jira] [Created] (HADOOP-18224) Upgrade maven compiler plugin

Viraj Jasani created HADOOP-18224:
-------------------------------------

             Summary: Upgrade maven compiler plugin
                 Key: HADOOP-18224
                 URL: https://issues.apache.org/jira/browse/HADOOP-18224
             Project: Hadoop Common
          Issue Type: Task
            Reporter: Viraj Jasani
            Assignee: Viraj Jasani


Currently we are using maven-compiler-plugin 3.1 version, which is quite old (2013) and it's also pulling in vulnerable log4j dependency:
{code:java}
[INFO]    org.apache.maven.plugins:maven-compiler-plugin:maven-plugin:3.1:runtime
[INFO]       org.apache.maven.plugins:maven-compiler-plugin:jar:3.1
[INFO]       org.apache.maven:maven-plugin-api:jar:2.0.9
[INFO]       org.apache.maven:maven-artifact:jar:2.0.9
[INFO]       org.codehaus.plexus:plexus-utils:jar:1.5.1
[INFO]       org.apache.maven:maven-core:jar:2.0.9
[INFO]       org.apache.maven:maven-settings:jar:2.0.9
[INFO]       org.apache.maven:maven-plugin-parameter-documenter:jar:2.0.9
...
...
...
[INFO]       log4j:log4j:jar:1.2.12
[INFO]       commons-logging:commons-logging-api:jar:1.1
[INFO]       com.google.collections:google-collections:jar:1.0
[INFO]       junit:junit:jar:3.8.2
 {code}
 

We should upgrade to 3.10.1 (latest Mar, 2022) version of maven-compiler-plugin.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org