Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-32158

Remove hadoop client from LTS 2021

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2021
    • Fix Version/s: 2021.46
    • Component/s: Launcher
    • Tags:
    • Backlog priority:
      800
    • Upgrade notes:
      Hide

      Removed the following transitive dependency:

      <dependency>
  <groupId>org.apache.hadoop</groupId>
  <artifactId>hadoop-hdfs-client</artifactId>
</dependency>
      Show
      Removed the following transitive dependency: <dependency> <groupId>org.apache.hadoop</groupId> <artifactId>hadoop-hdfs-client</artifactId> </dependency>
    • Sprint:
      nxplatform #101
    • Story Points:
      3

      Description

      A client has security concerns about the hadoop-hdfs-client jar that is delivered with the launcher. Exclude the lib from the dependency tree.

      Please check that the dependency on okio (1.6.0) is also removed from nuxeo-launcher by removing hadoop client, so we won't have to fill a dedicated ticket forĀ CVE-2023-3635

        Attachments

          Issue Links

          is related to

          Task - A task that needs to be done. NXP-31451 Cleanup Nuxeo Launcher dependencies

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: