Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-23834

HBase fails to run on Hadoop 3.3.0/3.2.2/3.1.4 due to jetty version mismatch

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0.0-alpha-1, 2.4.0
    • Component/s: dependencies
    • Labels:
      None
    • Hadoop Flags:
      Incompatible change, Reviewed
    • Release Note:
      Hide
      Use shaded json and jersey in HBase.
      Ban the imports of unshaded json and jersey in code.
      Show
      Use shaded json and jersey in HBase. Ban the imports of unshaded json and jersey in code.

      Description

      HBase master branch is currently on Jetty 9.3, and latest Hadoop 3 (unreleased branches trunk, branch-3.2 and branch-3.1) bumped Jetty to 9.4 to address a vulnerability CVE-2017-9735.

      (1) Jetty 9.3 and 9.4 are quite different (there are incompatible API changes) and HBase won't start on the latest Hadoop 3.
      (2) In any case, HBase should update its Jetty dependency to address the vulnerability.
      Fortunately for HBase, updating to Jetty 9.4 requires no code change other than the maven version string.

      More tests are needed to verify if HBase can run on older Hadoop versions if its Jetty is updated.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                weichiu Wei-Chiu Chuang
                Reporter:
                weichiu Wei-Chiu Chuang
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: