CVE-2018-10237 Upgrade Guava version #134

Merged
merged 3 commits into from
Jul 15, 2019

cyberdelia
Contributor

@cyberdelia cyberdelia requested review from xerial and a team June 19, 2019 00:54
Contributor

@tagomoris tagomoris left a comment

👍

This ignores the bug check for generated classes. This also adds a workaround for a bug of findbugs for Optional.fromNullable in the recent version of Guava
@xerial
Member

xerial commented Jun 21, 2019

Added an exclusion filter for findbugs.

This guava version upgrade is a big jump, and it will most likely cause a dependency hell for all dependent components (e.g., Presto, Spark, Hive, Embulk plugins, etc.).

We need to be prepared for this upgrade. cc: @muga @miniway @johan-g

@xerial xerial requested review from miniway, muga and johan-g June 21, 2019 23:22
@johan-g
johan-g commented Jun 24, 2019

This pretty much makes it impossible for any version of our Hive to upgrade the TD client lib, due to deep-rooted dependency incompatibilities... Correct me if I'm wrong, but since Guava is only used for optionals in this lib, would it make sense to just migrate everything to Java optionals and remove the dependency?

@xerial
Member

xerial commented Jun 24, 2019

@johan-g Understood. Let's merge this first, then we should work on removing Guava's dependency (e.g., Optional, ImmutableList, and some assertion) in another PR.

@cyberdelia cyberdelia merged commit 1e90303 into master Jul 15, 2019
@cyberdelia cyberdelia deleted the CVE-2018-10237 branch July 15, 2019 19:27