Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-28188

Narrow the netty3 dependency scope

    XMLWordPrintableJSON

Details

    • Task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • dependencies, hadoop3, security
    • None

    Description

      Netty 3 has a bunch of CVEs and will never be fixed.

      In HBase, we poll in netty 3 dependency through hadoop, and till hadop 3.3.6, the dependency is still there.

      The only place for hadoop 3.1.x where we depend on netty 3 is in MR's ShuffleHandler.

      https://issues.apache.org/jira/browse/HADOOP-15327

      So I think at least wecould narrow the dependency scope for netty 3 to test scope, as it is only used in tests we start a MiniMRCluster.

      Attachments

        Issue Links

          is related to

          Sub-task - The sub-task of the issue HADOOP-15327 Upgrade MR ShuffleHandler to use Netty4

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              zhangduo Duo Zhang
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: