You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@tez.apache.org by "Eric Wohlstadter (JIRA)" <ji...@apache.org> on 2018/03/09 21:10:00 UTC
[jira] [Issue Comment Deleted] (TEZ-3902) Upgrade to
netty-3.10.5.Final.jar
[ https://issues.apache.org/jira/browse/TEZ-3902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Wohlstadter updated TEZ-3902:
----------------------------------
Comment: was deleted
(was: [~jlowe] [~jeagles]
Follow up info from Thurs. meeting:
----
Netty 3.6.2 has CVE vulnerabilities. None are listed for 3.10.5.
[https://www.cvedetails.com/vulnerability-list/vendor_id-13290/product_id-27592/Netty-Project-Netty.html]
----
compile scope is including netty jar in the tez-dist artifacts:
{{/pom.xml}}
{code:java}
<netty.version>3.6.2.Final</netty.version>
...
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty</artifactId>
<scope>compile</scope>
<version>${netty.version}</version>
</dependency>
{code}
)
> Upgrade to netty-3.10.5.Final.jar
> ---------------------------------
>
> Key: TEZ-3902
> URL: https://issues.apache.org/jira/browse/TEZ-3902
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: Eric Wohlstadter
> Assignee: Jonathan Eagles
> Priority: Major
>
> Hadoop 3 and Hive have upgraded to netty-3.10.5.Final, which is not compatible with current Tez dependency netty-3.6.2.Final.
>
> However, org.apache.tez.shufflehandler.ShuffleHandler depends on 3.6.2 specific methods.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)