Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-2360

Update commons collections version used by tests/releaseaudit

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.4.7, 3.5.1
    • Fix Version/s: 3.4.8, 3.5.2
    • Component/s: build
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      I don't believe this affects us from a security perspective directly, however it's something we should clean up in our next release.

      Afaict the only commons we use for shipping/production code is commons-cli. Our two release branches, 3.4 and 3.5, neither of them use commons-collections. I looked at the binary release artifact and it doesn't include the commons collections jar.

      We do have a test that uses CollectionsUtils, but no shipping code. I downloaded our 3.4 and 3.5 artifacts, this is all I see:

      phunt:~/Downloads/zd/5/zookeeper-3.5.1-alpha$ grep -R "org.apache.commons.collections" .
      ./src/java/test/org/apache/zookeeper/RemoveWatchesTest.java:import org.apache.commons.collections.CollectionUtils;
      phunt:~/Downloads/zd/5/zookeeper-3.5.1-alpha$

      Also in our ivy file we have

      <dependency org="org.apache.rat" name="apache-rat-tasks"
      rev="0.10" conf="releaseaudit->default"/>
      <dependency org="commons-lang" name="commons-lang"
      rev="2.6" conf="releaseaudit->default"/>
      <dependency org="commons-collections" name="commons-collections"
      rev="3.2.1" conf="releaseaudit->default"/>

      So commons-collections is pulled in - but only for the release audit, which is something we do as a build verification activity but not part of the product itself.

        Attachments

        1. ZOOKEEPER-2360.patch
          2 kB
          Patrick Hunt
        2. ZOOKEEPER-2360-branch34.patch
          1 kB
          Patrick Hunt
        3. ZOOKEEPER-2360.patch
          2 kB
          Patrick Hunt

          Activity

            People

            • Assignee:
              phunt Patrick Hunt
              Reporter:
              phunt Patrick Hunt
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: