Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-21143

Update findbugs-maven-plugin to 3.0.4

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0, 2.1.0, 2.2.0, 2.0.2
    • Fix Version/s: 3.0.0, 2.2.0, 2.1.1, 2.0.3
    • Component/s: pom
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      Failed to execute goal org.codehaus.mojo:findbugs-maven-plugin:3.0.0:findbugs (default) on project hbase: Execution default of goal org.codehaus.mojo:findbugs-maven-plugin:3.0.0:findbugs failed: Plugin org.codehaus.mojo:findbugs-maven-plugin:3.0.0 or one of its dependencies could not be resolved: Failed to collect dependencies at org.codehaus.mojo:findbugs-maven-plugin:jar:3.0.0 -> org.codehaus.groovy:groovy-all:jar:1.7.4: Failed to read artifact descriptor for org.codehaus.groovy:groovy-all:jar:1.7.4: Could not transfer artifact org.codehaus.groovy:groovy-all:pom:1.7.4 from/to mirror (http://xxx.xxxx.xxx/nexus/content/groups/public): Failed to transfer file: http://xxx.xxxx.xxx/nexus/content/groups/public/org/codehaus/groovy/groovy-all/1.7.4/groovy-all-1.7.4.pom. Return code is: 418 , ReasonPhrase:Artifact is in Tencent Blacklist! Please update to the safe version, more information: http://xxx.xxxx.xxx/?tab=blackList.
      

      Recently, when I compile HBase with a new machine, I got the above error. Since the machine could not connect to the external network, we visited our internal Maven repository, but org.codehaus.groovy:groovy-all:jar:1.7.4 was added to the blacklist and could not be downloaded. See details, org.codehaus.groovy:groovy-all:jar:1.7.4 is marked as vulnerable by CVE-2015-3253, so we should upgrade the version.

                    <groupId>org.codehaus.mojo</groupId>
                    <artifactId>findbugs-maven-plugin</artifactId>
                    <version>3.0.0</version>
                    <!--NOTE: Findbugs 3.0.0 requires jdk7-->
                    <configuration>
                      <excludeFilterFile>${project.basedir}/../dev-support/findbugs-exclude.xml</excludeFilterFile>
      

      Look at the history commit record, findbugs-maven-plugin has been upgraded to 3.0.4 in HBASE-18264, but one place is missing which still using the version of 3.0.0.

        Attachments

        1. HBASE-21143.master.001.patch
          0.8 kB
          Guangxu Cheng

          Issue Links

            Activity

              People

              • Assignee:
                gxcheng Guangxu Cheng
                Reporter:
                gxcheng Guangxu Cheng
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: