You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Hudson (Jira)" <ji...@apache.org> on 2022/04/01 02:13:00 UTC

[jira] [Commented] (HBASE-26903) Bump httpclient from 4.5.3 to 4.5.13

    [ https://issues.apache.org/jira/browse/HBASE-26903?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17515670#comment-17515670 ] 

Hudson commented on HBASE-26903:
--------------------------------

Results for branch branch-2.5
	[build #82 on builds.a.o|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/82/]: (x) *{color:red}-1 overall{color}*
----
details (if available):

(/) {color:green}+1 general checks{color}
-- For more information [see general report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/82/General_20Nightly_20Build_20Report/]




(/) {color:green}+1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2) report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/82/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/]




(/) {color:green}+1 jdk11 hadoop3 checks{color}
-- For more information [see jdk11 report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/82/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/]


(/) {color:green}+1 source release artifact{color}
-- See build output for details.


(/) {color:green}+1 client integration test{color}


> Bump httpclient from 4.5.3 to 4.5.13
> ------------------------------------
>
>                 Key: HBASE-26903
>                 URL: https://issues.apache.org/jira/browse/HBASE-26903
>             Project: HBase
>          Issue Type: Task
>            Reporter: Andrew Kyle Purtell
>            Assignee: Andrew Kyle Purtell
>            Priority: Minor
>             Fix For: 2.5.0, 3.0.0-alpha-3, 2.4.12
>
>
> Dependabot auto-generated dependency upgrade: https://github.com/apache/hbase/pull/4291
> We can't accept the dependabot PR as-is because it causes a unit test failure. Bump the dependency and fix the test by hand. 
> There is a comment in our POM indicating this is a known issue:
> {noformat}
>     <!-- Updating the httpclient will break hbase-rest. It writes out URLs with '//' in it                                                                                          
>       especially when writing out 'no column families'. Later httpclients collapse the '//'                                                                                         
>       into single '/' as double-slash is not legal in an URL. Breaks #testDelete in                                                                                                 
>       TestRemoteTable. -->  
> {noformat}
> Staying back on a version of httpclient with CVE listed vulnerabilities just for this isn't a good option. 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)