Details
Description
Hi, after analyzing hadoop-common-project\hadoop-minikdc\pom.xml, we found that Hadoop depends on org.apache.kerby:kerb-simplekdc 1.0.1, which transitivity introduced commons-io:2.5.
At the same time, hadoop directly depends on a older version of commons-io:2.4. By further look into the source code, these two versions of commons-io have many different features. The dependency conflict problem brings high risks of "NotClassDefFoundError:" or "NoSuchMethodError" issues at runtime. Please notice this problem. Maybe upgrading commons-io from 2.4 to 2.5 is a good choice. Hope this report can help you. Thanks!
Attachments
Attachments
Issue Links
- breaks
-
HADOOP-15305 Replace FileUtils.writeStringToFile(File, String) with (File, String, Charset) to fix deprecation warnings
- Resolved
- is depended upon by
-
HADOOP-9991 Fix up Hadoop POMs, roll up JARs to latest versions
- Open
- is related to
-
SPARK-31130 Use the same version of `commons-io` in SBT
- Resolved
- links to