Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-18487

Make protobuf 2.5 an optional runtime dependency.

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Reopened
    • Major
    • Resolution: Unresolved
    • 3.3.4
    • 3.3.9
    • build, ipc
    • Incompatible change
    • Hide
      hadoop modules no longer export protobuf-2.5.0 as a dependency, and it is omitted from the hadoop distribution directory. Applications which use the library must declare an explicit dependency.

      Hadoop uses a shaded version of protobuf3 internally, and does not use the 2.5.0 JAR except when compiling compatible classes
      Show
      hadoop modules no longer export protobuf-2.5.0 as a dependency, and it is omitted from the hadoop distribution directory. Applications which use the library must declare an explicit dependency. Hadoop uses a shaded version of protobuf3 internally, and does not use the 2.5.0 JAR except when compiling compatible classes

    Description

      uses of protobuf 2.5 and RpcEnginej have been deprecated since 3.3.0 in HADOOP-17046

      while still keeping those files around (for a long time...), how about we make the protobuf 2.5.0 export off hadoop common and hadoop-hdfs provided, rather than compile

      that way, if apps want it for their own apis, they have to explicitly ask for it, but at least our own scans don't break.

      i have no idea what will happen to the rest of the stack at this point, it will be "interesting" to see

      Attachments

        Issue Links

          is depended upon by

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-17860 Upgrade third party protobuf-java-2.5.0.jar to address vulnerabilities #CVE-2015-5237, CVE-2019-15544,

          • Major - Major loss of function.
          • Open
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-13363 Upgrade protobuf from 2.5.0 to something newer

          • Major - Major loss of function.
          • Open
          Testing discovered

          Improvement - An improvement or enhancement to an existing feature or task. YARN-11657 Remove protobuf-2.5 as dependency of hadoop-yarn-api

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #4996

          Web Link GitHub Pull Request #6184

          Web Link GitHub Pull Request #6185

          Web Link GitHub Pull Request #6258

          Activity

            People

              stevel@apache.org Steve Loughran
              stevel@apache.org Steve Loughran
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: