Yadav
Reputation: 189
Can't use hbase-shaded-client jar because of its internal dependency to log4j-1.2.17(CVE-2019-1757)
Is there a way to exclude it.I did give it a try but got ClassNotFoundException: org.apache.log4j.Level I do see that hbase-shaded-client do have slf4j dependency so there might be a way to exclude log4j and use slf4j but I'm not able to.
Upvotes: 0
Views: 1628
Answers (1)
OneCricketeer
Reputation: 191874
Yes, you can exclude log4j, but you must add back in log4j-over-slf4j.
<dependency>
<groupId>org.apache.hbase</groupId>
<artifactId>hbase-client</artifactId>
<version>[some version]</version>
<exclusions>
<exclusion>
<artifactId>log4j</artifactId>
<groupId>log4j</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
<version>[some version]</version>
</dependency>
Upvotes: 2
Related Questions
- Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/hadoop/hbase/HBaseConfiguration
- Updating log4j1.2 to log4j2 present in lib hadoop-mapreduce-client-core
- HBase client - java.lang.ClassNotFoundException: org.apache.hadoop.crypto.key.KeyProviderTokenIssuer
- hbase-client 2.0.x error
- Is there way to override transitive dependency of log4j 1.2.17 to log4j2 for hadoop-hdfs 3.2.1 jar
- Java InvocationTargetException & NoSuchMethodError for hbase shaded client (or commons)
- Hadoop/Hbase: java.lang.NoClassDefFoundError: org/apache/hadoop/hbase/HBaseConfiguration
- HBase - java.lang.NoClassDefFoundError in java
- The following artifacts could not be resolved: org.apache.hbase:hbase:jar:0.96.1.1-hadoop2
- Hbase Dependency Issue: NoClassDefFoundError RegionCoprocessorHost