Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
Incompatible change, Reviewed
-
Description
HBase master branch is currently on Jetty 9.3, and latest Hadoop 3 (unreleased branches trunk, branch-3.2 and branch-3.1) bumped Jetty to 9.4 to address a vulnerability CVE-2017-9735.
(1) Jetty 9.3 and 9.4 are quite different (there are incompatible API changes) and HBase won't start on the latest Hadoop 3.
(2) In any case, HBase should update its Jetty dependency to address the vulnerability.
Fortunately for HBase, updating to Jetty 9.4 requires no code change other than the maven version string.
More tests are needed to verify if HBase can run on older Hadoop versions if its Jetty is updated.
Attachments
Issue Links
- is broken by
-
HADOOP-16152 Upgrade Eclipse Jetty version to 9.4.x
- Resolved
- is related to
-
HBASE-26253 Backport HBASE-23834 to branch 2.3
- Resolved
-
PHOENIX-6333 Hbase versions older than 2.4.0 are incompatible with Hadoop 3.1.4
- Closed
-
HBASE-25144 Add Hadoop-3.3.0 to personality hadoopcheck
- Resolved
-
HBASE-22953 Supporting Hadoop 3.3.0
- Resolved
- relates to
-
HBASE-19390 Revert to older version of Jetty 9.3
- Resolved
-
HBASE-18224 Upgrade jetty
- Resolved
-
HBASE-19256 [hbase-thirdparty] shade jetty
- Resolved
- links to