[HBASE-26903] Bump httpclient from 4.5.3 to 4.5.13 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.5.0, 3.0.0-alpha-3, 2.4.12
Component/s: None
Labels:
None

Hadoop Flags:

Reviewed

Description

Dependabot auto-generated dependency upgrade: https://github.com/apache/hbase/pull/4291

We can't accept the dependabot PR as-is because it causes a unit test failure. Bump the dependency and fix the test by hand.

There is a comment in our POM indicating this is a known issue:

    <!-- Updating the httpclient will break hbase-rest. It writes out URLs with '//' in it                                                                                          
      especially when writing out 'no column families'. Later httpclients collapse the '//'                                                                                         
      into single '/' as double-slash is not legal in an URL. Breaks #testDelete in                                                                                                 
      TestRemoteTable. -->

Staying back on a version of httpclient with CVE listed vulnerabilities just for this isn't a good option.

Attachments

Issue Links

links to

GitHub Pull Request #4291

GitHub Pull Request #4296

Sub-Tasks

[REST] Client must disable URI normalization

Resolved

Unassigned

Activity

People

Assignee:: Andrew Kyle Purtell

Reporter:: Andrew Kyle Purtell

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 29/Mar/22 16:12

Updated:: 01/Apr/22 06:52

Resolved:: 30/Mar/22 22:04