You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Hudson (Jira)" <ji...@apache.org> on 2022/04/01 02:13:00 UTC
[jira] [Commented] (HBASE-26903) Bump httpclient from 4.5.3 to 4.5.13
[ https://issues.apache.org/jira/browse/HBASE-26903?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17515670#comment-17515670 ]
Hudson commented on HBASE-26903:
--------------------------------
Results for branch branch-2.5
[build #82 on builds.a.o|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/82/]: (x) *{color:red}-1 overall{color}*
----
details (if available):
(/) {color:green}+1 general checks{color}
-- For more information [see general report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/82/General_20Nightly_20Build_20Report/]
(/) {color:green}+1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2) report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/82/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/]
(/) {color:green}+1 jdk11 hadoop3 checks{color}
-- For more information [see jdk11 report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/82/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 source release artifact{color}
-- See build output for details.
(/) {color:green}+1 client integration test{color}
> Bump httpclient from 4.5.3 to 4.5.13
> ------------------------------------
>
> Key: HBASE-26903
> URL: https://issues.apache.org/jira/browse/HBASE-26903
> Project: HBase
> Issue Type: Task
> Reporter: Andrew Kyle Purtell
> Assignee: Andrew Kyle Purtell
> Priority: Minor
> Fix For: 2.5.0, 3.0.0-alpha-3, 2.4.12
>
>
> Dependabot auto-generated dependency upgrade: https://github.com/apache/hbase/pull/4291
> We can't accept the dependabot PR as-is because it causes a unit test failure. Bump the dependency and fix the test by hand.
> There is a comment in our POM indicating this is a known issue:
> {noformat}
> <!-- Updating the httpclient will break hbase-rest. It writes out URLs with '//' in it
> especially when writing out 'no column families'. Later httpclients collapse the '//'
> into single '/' as double-slash is not legal in an URL. Breaks #testDelete in
> TestRemoteTable. -->
> {noformat}
> Staying back on a version of httpclient with CVE listed vulnerabilities just for this isn't a good option.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)