You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@oozie.apache.org by "Andras Salamon (JIRA)" <ji...@apache.org> on 2019/04/08 08:02:00 UTC

[jira] [Comment Edited] (OOZIE-3418) Upgrade to Guava 27

    [ https://issues.apache.org/jira/browse/OOZIE-3418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16810837#comment-16810837 ] 

Andras Salamon edited comment on OOZIE-3418 at 4/8/19 8:01 AM:
---------------------------------------------------------------

I think it would be useful to avoid writing code which is guava version specific. So maybe it would be better to make separate jiras which change the code in a way that it's compatible with both Guava 11 and Guava 27. Those jiras could be committed before we increase the guava version and this Jira could focus on pom changes and shading. Two possible jiras:
 * Eliminate com.google.common.io.Closeables and replace it by commons-io IOUtils like in the patch.
 * Eliminate com.google.common.base.Stopwatch and replace by commons-lang Stopwatch, hadoop stopwatch, or simple {{System.nanoTime()}} calls.

The same guava version problems are mentioned in OOZIE-2231 .


was (Author: asalamon74):
I think it would be useful to avoid writing code which is guava version specific. So maybe it would be better to make separate jiras which change the code in a way that it's compatible with both Guava 11 and Guava 27. Those jiras could be committed before we increase the guava version and this Jira could focus on pom changes and shading. Two possible jiras:
 * Eliminate com.google.common.io.Closeables and replace it by commons-io IOUtils like in the patch.
 * Eliminate com.google.common.base.Stopwatch and replace by commons-lang Stopwatch, hadoop stopwatch, or simple {{System.nanoTime()}} calls.

> Upgrade to Guava 27
> -------------------
>
>                 Key: OOZIE-3418
>                 URL: https://issues.apache.org/jira/browse/OOZIE-3418
>             Project: Oozie
>          Issue Type: Bug
>    Affects Versions: 5.1.0
>            Reporter: Andras Salamon
>            Assignee: Andras Salamon
>            Priority: Major
>         Attachments: OOZIE-3418-01-WIP.patch
>
>
> There is a guava security issue: [CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237]
> Currently we use Guava 11.0.2 which is affected. We need to upgrade to at least guava 24.1.1. Probably the best would be to use Guava 27.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)