  1. HBase
  2. HBASE-26903

Bump httpclient from 4.5.3 to 4.5.13

Details

    • Task
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 2.5.0, 3.0.0-alpha-3, 2.4.12
    • None
    • None
    • Reviewed

    Description

      Dependabot auto-generated dependency upgrade: https://github.com/apache/hbase/pull/4291

      We can't accept the dependabot PR as-is because it causes a unit test failure. Bump the dependency and fix the test by hand.

      There is a comment in our POM indicating this is a known issue:

          <!-- Updating the httpclient will break hbase-rest. It writes out URLs with '//' in it
            especially when writing out 'no column families'. Later httpclients collapse the '//'
            into single '/' as double-slash is not legal in an URL. Breaks #testDelete in
            TestRemoteTable. -->

      Staying back on a version of httpclient with CVE-listed vulnerabilities just for this isn't a good option.

          People

            apurtell Andrew Kyle Purtell