[
https://issues.apache.org/jira/browse/HADOOP-17849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17399914#comment-17399914
]
Brahma Reddy Battula commented on HADOOP-17849:
-----------------------------------------------
{quote}[~brahmareddy] This is for users or downstream products using the
combination of hadoop-3.2.x and zookeeper-3.4.14 since ZooKeeper 3.4.14 newly
introduced the dependency on com.github.spotbugs:spotbugs-annotations.
{quote}
So, this will issue will pop up when we change zookeeper to 3.4.14 ?.
{quote}Now ZooKeeper 3.4.13 is used in branch-3.2. I suppose we need to upgrade
the version to 3.4.14 due to CVE-2019-0201
([https://zookeeper.apache.org/security.html]).
{quote}
Ok. so, first we change this and commit this jira.
Looks this already merged, are you planning raise PR for branch-3.2.3 also..?
> Exclude spotbugs-annotations from transitive dependencies on branch-3.2
> -----------------------------------------------------------------------
>
> Key: HADOOP-17849
> URL: https://issues.apache.org/jira/browse/HADOOP-17849
> Project: Hadoop Common
> Issue Type: Improvement
> Affects Versions: 3.2.2
> Reporter: Masatake Iwasaki
> Assignee: Masatake Iwasaki
> Priority: Major
> Labels: pull-request-available
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Building Hadoop in dist profile with ZooKeeper 3.4.14 fails on
> hadoop-client-check-test-invariants. Excluding
> com.github.spotbugs:spotbugs-annotation from transitive dependencies should
> fix this for users needing zookeeer-3.4.14. Since the dependency is
> provided/optional on ZooKeeper 3.5.x, branch-3.3 and above are not affected.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
