PJ Fanning
040c23c768
HADOOP-18712. Upgrade to jetty 9.4.51 due to cve. Contributed by PJ Fanning. ( #5574 ) ( #5585 )
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-04-26 18:51:04 +05:30
Ayush Saxena
d7d36b9d2a
HADOOP-18689. Bump jettison from 1.5.3 to 1.5.4 in /hadoop-project ( #5502 ) ( #5586 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-25 21:26:59 +05:30
Steve Loughran
bca38f84af
HADOOP-18641. Cloud connector dependency and LICENSE fixup. ( #5429 )
...
POM and LICENSE fixup of transient dependencies
* Exclude hadoop-cloud-storage imports which come in with hadoop-common
* Add explicit import of hadoop's org.codehaus.jettison declaration
to hadoop-aliyun
* Tune aliyun jars imports
* Cut duplicate and inconsistent hbase-server declarations from
hadoop-project
* Update LICENSE-binary for the current set of libraries in the
hadoop 3.3.5 release.
Contributed by Steve Loughran
2023-02-28 14:05:13 +00:00
Steve Loughran
0956994492
HADOOP-17717. Update wildfly openssl to 1.1.3.Final. ( #5310 )
...
Contributed by Wei-Chiu Chuang
2023-01-27 11:59:22 +00:00
PJ Fanning
f856611121
HADOOP-18587: upgrade to jettison 1.5.3 due to cve ( #5270 )
...
Signed-off-by: Chris Nauroth <cnauroth@apache.org>
(cherry picked from commit b9eb760ed2
)
2023-01-06 23:41:18 +00:00
Steve Loughran
223046cb64
HADOOP-18561. Update commons-net to 3.9.0 ( #5214 )
...
Addresses CVE-2021-37533, which *only* relates to FTP.
Applications not using the ftp:// filesystem, which, as
anyone who has used it will know is very minimal and
so rarely used, is not a critical part of the project.
Furthermore, the FTP-related issue is at worst information leakage
if someone connects to a malicious server.
This is a due diligence PR rather than an emergency fix.
Contributed by Steve Loughran
2022-12-19 11:57:47 +00:00
Melissa You
853ffb545a
HADOOP-18515. Backport HADOOP-17612 to branch-3.3(Upgrade Zookeeper to 3.6.3 and Curator to 5.2.0) ( #5097 )
...
* HADOOP-17612. Upgrade Zookeeper to 3.6.3 and Curator to 5.2.0 (#3241 )
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
Co-authored-by: Viraj Jasani <vjasani@apache.org>
Co-authored-by: Melissa You <myou@myou-mn1.linkedin.biz>
2022-11-05 09:28:24 -07:00
Ashutosh Gupta
7b84f6458b
HADOOP-18484. Upgrade hsqldb to v2.7.1 to mitigate CVE-2022-41853 ( #5101 )
2022-11-04 11:00:17 +01:00
PJ Fanning
d88a6ee962
HADOOP-18512: upgrade woodstox-core to 5.4.0 for security fix ( #5087 ). Contributed by PJ Fanning.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2022-11-02 00:14:01 +05:30
PJ Fanning
41e3c7edaf
HADOOP-18472. Upgrade to snakeyaml 1.33 ( #4958 )
...
Reviewed-by: Dinesh Chitlangia <dineshc@apache.org>
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
(cherry picked from commit d6a65a4180
)
Conflicts:
LICENSE-binary
hadoop-project/pom.xml
2022-10-30 02:32:44 +09:00
PJ Fanning
ea851c5e4a
HADOOP-15983. Use jersey-json that is built to use jackson2 (( #3988 )
...
Moves from com.sun.jersey 1.19 to the artifact
com.github.pjfanning:jersey-json:1.20
This allows jackson 1 to be removed from the classpath.
Contains
* HADOOP-16908. Prune Jackson 1 from the codebase and restrict
its usage for future
* HADOOP-18219. Fix shaded client test failure
These are needed for the HADOOP-15983 changes to build.
Contributed by PJ Fanning.
2022-10-20 17:37:56 +01:00
Hexiaoqiao
84c7fd909b
HADOOP-18497. Upgrade commons-text version to 1.10.0 to fix CVE-2022-42889. ( #5037 ).
...
Contributed by PJ Fanning.
2022-10-18 15:05:08 +01:00
slfan1989
2e3f91bdf5
HADOOP-18360. Update commons-csv from 1.0 to 1.9.0. ( #4928 ). Contributed by fanshilun.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2022-10-17 10:23:13 +05:30
PJ Fanning
96d4b9e6a7
HADOOP-18493: upgrade jackson-databind to 2.12.7.1 ( #5011 ). Contributed by PJ Fanning.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2022-10-17 10:04:21 +05:30
Steve Loughran
cd856b7195
HADOOP-17563. Upgrade BouncyCastle to 1.68 ( #3980 ) ( #5015 )
...
Addresses CVE-2020-15522 and CVE-2020-26939.
This can break builds with older maven shade plugins or
other code using asm.jar which is not aware of recent java bytecodes
and/or multi-release JARs. fix: use a later version of asm.jar
Contributed by PJ Fanning
2022-10-15 15:09:05 +01:00
Steve Loughran
80525615e5
HADOOP-18480. Upgrade aws sdk to 1.12.316 ( #4972 )
...
Contributed by Steve Loughran
2022-10-10 10:29:41 +01:00
Steve Loughran
e360e7620c
HADOOP-18468: Upgrade jettison to 1.5.1 to fix CVE-2022-40149 ( #4937 )
...
Contributed by PJ Fanning
2022-10-10 10:05:39 +01:00
Ashutosh Gupta
51605f9dcc
HADOOP-18443. Upgrade snakeyaml to 1.32 ( #4873 )
...
Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com>
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
2022-09-25 23:50:46 +09:00
PJ Fanning
d66dea300e
HADOOP-18341: upgrade commons-configuration2 to 2.8.0 and commons-text to 1.9 ( #4916 )
2022-09-22 10:44:27 +09:00
Wei-Chiu Chuang
c4d94f5623
HADOOP-18333. Upgrade jetty version to 9.4.48.v20220622 ( #4600 )
...
* HADOOP-18001. Upgrade jetty version to 9.4.44 (#3700 ). Contributed by Yuan Luo.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
(cherry picked from commit b85c66a035
)
* HADOOP-18333.Upgrade jetty version to 9.4.48.v20220622 (#4553 )
Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com>
(cherry picked from commit e664f81ce7
)
Conflicts:
LICENSE-binary
Change-Id: I5a758df2551539c2780e170c3738c5b21eb0c79d
Co-authored-by: better3471 <46600375+better3471@users.noreply.github.com>
Co-authored-by: Ashutosh Gupta <ashutosh.gupta@st.niituniversity.in>
2022-08-24 08:16:49 +08:00
Steve Loughran
7aebacef77
HADOOP-18344. Upgrade AWS SDK to 1.12.262 ( #4637 )
...
Fixes CVE-2018-7489 in shaded jackson.
+Add more commands in testing.md
to the CLI tests needed when qualifying
a release
Contributed by Steve Loughran
2022-07-28 11:39:40 +01:00
Wei-Chiu Chuang
0c12873487
HADOOP-18079. Upgrade Netty to 4.1.77. ( #3977 ) ( #4592 )
...
Upgrade netty to address
CVE-2019-20444,
CVE-2019-20445
CVE-2022-24823
Contributed by Wei-Chiu Chuang
(cherry picked from commit a55ace7bc0
)
2022-07-27 03:10:20 +08:00
PJ Fanning
36cb8a6a2b
HADOOP-18354. Upgrade reload4j to 1.22.2 due to XXE vulnerability ( #4607 ). Contributed by PJ Fanning.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2022-07-24 16:01:47 +05:30
PJ Fanning
6733ba56b8
HADOOP-18332. Remove rs-api dependency by downgrading jackson to 2.12.7. ( #4552 )
...
This downgrades jackson from the version switched to in
HADOOP-18033 (2.13.0), to Jackson 2.12.7.
This removes the dependency on javax.ws.rs-api,
so avoiding runtime problems with applications using
jersey-core v1 and/or jsr311-api.
The 2.12.7 release still contains the fix for CVE-2020-36518.
Contributed by PJ Fanning
2022-07-16 18:18:52 +01:00
Igor Dvorzhak
d41e0a9cc3
HADOOP-18300. Upgrade Gson dependency to version 2.9.0 ( #4454 )
...
Reviewed-by: Ayush Saxena <ayushsaxena@apache.org>
Signed-off-by: Chris Nauroth <cnauroth@apache.org>
(cherry picked from commit 77d1b194c7
)
2022-06-22 23:42:59 +00:00
Ashutosh Gupta
57fe613299
HDFS-16453. Upgrade okhttp from 2.7.5 to 4.9.3 ( #4229 )
...
Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com>
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
(cherry picked from commit fb910bd906
)
Conflicts:
hadoop-project/pom.xml
2022-05-21 03:17:15 +09:00
Akira Ajisaka
603367c54f
HADOOP-18178. Upgrade jackson to 2.13.2 and jackson-databind to 2.13.2.2 ( #4147 )
...
(cherry picked from commit 4b786c797a
)
Conflicts:
LICENSE-binary
Co-authored-by: PJ Fanning <pjfanning@users.noreply.github.com>
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
2022-04-11 14:58:28 +09:00
Masatake Iwasaki
160b6d106d
HADOOP-18088. Replace log4j 1.x with reload4j. ( #4052 )
...
Co-authored-by: Wei-Chiu Chuang <weichiu@apache.org>
2022-04-07 08:33:13 +09:00
luoyuan3471
752a7b6d49
HADOOP-18044. Hadoop - Upgrade to jQuery 3.6.0 ( #3791 )
...
Co-authored-by: luoyuan <luoyuan@shopee.com>
(cherry picked from commit e2d620192a
)
2022-02-11 23:18:25 +08:00
Renukaprasad C
3bb4a09295
HADOOP-17946. Upgrade commons-lang to 3.12.0 ( #3575 )
...
(cherry picked from commit b923fa7a1c
)
2021-11-16 22:59:25 +08:00
Takanobu Asanuma
f00ab40b4d
HADOOP-17940. Upgrade Kafka to 2.8.1 ( #3488 )
...
Reviewed-by: Masatake Iwasaki <iwasakims@apache.org>
(cherry picked from commit 2068b0041c
)
2021-09-28 13:31:53 +09:00
Siyao Meng
226f94b4fc
HADOOP-17834. Bump aliyun-sdk-oss to 3.13.0 ( #3261 )
...
Change-Id: I335d4a2cb08c75dc24ef36bdfab51111f87e0762
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
(cherry picked from commit 3aaac8a1f6
)
2021-08-16 00:32:05 +09:00
Renukaprasad C
5b566c3914
HADOOP-17844. Upgrade JSON smart to 2.4.7 ( #3299 )
...
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
(cherry picked from commit b90389ae98
)
Conflicts:
LICENSE-binary
2021-08-14 20:00:38 +09:00
Akira Ajisaka
025ecf42be
HADOOP-17370. Upgrade commons-compress to 1.21 ( #3274 )
...
(cherry picked from commit 3565c9477d
)
2021-08-08 11:25:26 +09:00
Ahmed Hussein
22e7567475
HADOOP-17769. Upgrade JUnit to 4.13.2. fixes TestBlockRecovery ( #3130 ). Contributed by Ahmed Hussein. ( #3138 )
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
(cherry picked from commit 581f43dce1
)
2021-06-25 22:48:56 +05:30
Takanobu Asanuma
d8689f1a08
Revert "HADOOP-17563. Update Bouncy Castle to 1.68. ( #2740 )" ( #3055 )
...
This reverts commit 0774116756
.
Reviewed-by: Wei-Chiu Chuang <weichiu@apache.org>
Reviewed-by: Akira Ajisaka <aajisaka@apache.org>
(cherry picked from commit 53ff2dfed3
)
2021-05-27 13:17:24 +09:00
Wei-Chiu Chuang
526dbe4716
HADOOP-17666. Update LICENSE for 3.3.1 ( #3011 )
...
* Inspected the jar files in the produced tarball and updated LICENSE-binary accordingly.
* add LICENSE from hadoop-thirdparty jars.
* remove any dependencies no longer in the tarball.
* Updated the license of thirdparty javascripts and C/C++ files.
Added LICENSE-asio.txt, copied from hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/third_party/asio-1.10.2/COPYING
Added LICENSE-gmock.txt, copied from hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/third_party/gmock-1.7.0/LICENSE
Added LICENSE-rapidxml.txt, copied from hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/third_party/rapidxml-1.13/rapidxml/license.txt
Added LICENSE-uriparser2.txt, copied from hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/third_party/uriparser2/uriparser2/uriparser/COPYING
Added LICENSE-tr2.txt, copied from the header of hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/third_party/uriparser2/uriparser2/tr2/optional.hpp
Added LICENSE-cJSON.txt, moved from the bottom of LICENSE.txt
* Generated license report for yarn-managed packages.
* Add LICENSE and NOTICES file of jaxb-api.
* Exclude LICENSE-binary-{yarn-applications-catalog-webapp|yarn-ui} from rat report.
These two files are autogenerated.
2021-05-21 18:15:48 -07:00
Aryan Gupta
28079e9c30
HADOOP-17283. Hadoop - Upgrade to jQuery 3.5.1 ( #2330 )
...
Signed-off-by: Takanobu Asanuma <tasanuma@apache.org>
(cherry picked from commit 486ddb73f9
)
2021-05-13 12:16:17 +08:00
dependabot[bot]
b2897fdd66
HADOOP-17683. Update commons-io to 2.8.0 ( #2974 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Akira Ajisaka <aajisaka@apache.org>
Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org>
(cherry picked from commit 29105ffb63
)
2021-05-12 10:58:39 +09:00
Viraj Jasani
49f6326a9f
HADOOP-17633. Bump json-smart to 2.4.2 and nimbus-jose-jwt to 9.8 due to CVEs ( #2895 ). Contributed by Viraj Jasani.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2021-04-16 12:41:06 +05:30
Ayush Saxena
28e89509a3
HADOOP-17586. Upgrade org.codehaus.woodstox:stax2-api to 4.2.1. ( #2769 ). Contributed by Ayush Saxena.
...
Signed-off-by: Mingliang Liu <liuml07@apache.org>
2021-03-13 15:10:27 +05:30
Takanobu Asanuma
e607d03995
HADOOP-17563. Update Bouncy Castle to 1.68. ( #2740 )
...
(cherry picked from commit 0774116756
)
2021-03-05 22:59:09 +09:00
Steve Loughran
e4bc64cce0
HADOOP-17343. Upgrade AWS SDK to 1.11.901 ( #2468 )
...
Contributed by Steve Loughran.
2020-11-23 14:09:14 +00:00
Akira Ajisaka
6b54f259e7
HADOOP-17049. javax.activation-api and jakarta.activation-api define overlapping classes ( #2027 )
...
* Removed javax.activation-api from dependency
(cherry picked from commit 52b21de1d8
)
2020-05-22 11:20:16 +09:00
Wei-Chiu Chuang
dda00d3ff5
YARN-10074. Update netty to 4.1.42Final in yarn-csi. Contributed by Wei-Chiu Chuang. ( #1807 )
2020-02-25 13:47:52 +09:00
Akira Ajisaka
d6d7f8d8c5
YARN-8374. Upgrade objenesis to 2.6 ( #1798 )
2020-02-19 09:50:37 +09:00
Akira Ajisaka
a40dc9ee31
HADOOP-15993. Upgrade Kafka to 2.4.0 in hadoop-kafka module. ( #1796 )
2020-01-09 16:24:58 +09:00
Zhankun Tang
12722ab0c7
YARN-10042. Upgrade grpc-xxx depdencies to 1.26.0. Contributed by Sheng Liu.
2019-12-20 11:10:27 +08:00
Yi Sheng
1843c4688a
HADOOP-16555. Update commons-compress to 1.19. ( #1425 ) Contributed by YiSheng Lien.
2019-09-14 02:11:04 +08:00
Akira Ajisaka
567091aa9b
HADOOP-15958. Revisiting LICENSE and NOTICE files.
...
This closes #1307
Reviewed-by: Masatake Iwasaki <iwasakims@apache.org>
2019-08-27 13:47:12 +09:00