big-data/hadoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
27,471 Commits 2 Branches 2 Tags 264 MiB
7999db55da
Commit Graph

905 Commits

Author SHA1 Message Date
Syed Shameerur Rahman
2273278d0b
HADOOP-18708: S3A: Support S3 Client Side Encryption(CSE) (#6884) 
Add support for S3 client side encryption (CSE).

CSE can configured in two modes:
- CSE-KMS where keys are provided by AWS KMS
- CSE-CUSTOM where custom keys are provided by implementing
  a custom keyring.

CSE requires an encryption library:

  amazon-s3-encryption-client-java.jar

This is _not_ included in the shaded bundle.jar
and is released separately.

The version used is currently 3.1.1

Contributed by Syed Shameerur Rahman.
 2024-11-14 13:39:56 +00:00
Dominik Diedrich
9a743bd17f
HADOOP-19315. Upgrade Apache Avro to 1.11.4 (#7128) 
* All field access is now via setter/getter methods
* To use Avro to marshal Serializable objects,
  the packages they are in must be declared in the system property
  "org.apache.avro.SERIALIZABLE_PACKAGES"
  
This is required to address
- CVE-2024-47561
- CVE-2023-39410  

This change is not backwards compatible.

Contributed by Dominik Diedrich
 2024-11-11 15:46:36 +00:00
muskan1012
f7651e2f63
HADOOP-19243. Upgrade Mockito version to 4.11.0 (#6968) 
Mockito is now at a JDK-17 compatible version.

Contributed by Muskan Mishra
 2024-11-05 17:35:53 +00:00
yanmin
9ae01bdbe8
HADOOP-19143. Upgrade commons-cli to 1.9.0 (#7126) Contributed by Min Yan. 
Reviewed-by: Ayush Saxena <ayushsaxena@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
 2024-11-05 10:39:49 +08:00
slfan1989
7a7b346b0a
Revert "HADOOP-19298. [JDK17] Add a JDK17 profile. (#7085) Contributed by Shilun Fan." (#7132) 
This reverts commit f931ede86b.
 2024-10-28 09:39:16 +08:00
slfan1989
f931ede86b
HADOOP-19298. [JDK17] Add a JDK17 profile. (#7085) Contributed by Shilun Fan.
Some checks failed
website / build (push) Has been cancelled
Details 
Reviewed-by: Steve Loughran <stevel@apache.org>
Reviewed-by: Attila Doroszlai <adoroszlai@apache.org>
Reviewed-by: Cheng Pan <chengpan@apache.org>
Reviewed-by: Min Yan <yaommen@gmail.com>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
 2024-10-18 17:16:33 +08:00
Cheng Pan
9321e322d2
HADOOP-19310. Add JPMS options required by Java 17+ (#7114) Contributed by Cheng Pan. 
Reviewed-by: Attila Doroszlai <adoroszlai@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
 2024-10-16 14:15:01 +08:00
slfan1989
4e6432a0ab
HADOOP-19296. [JDK17] Upgrade maven-war-plugin to 3.4.0. (#7086) Contributed by Shilun Fan.
Some checks failed
website / build (push) Has been cancelled
Details 
Reviewed-by: Ayush Saxena <ayushsaxena@apache.org>
Reviewed-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
 2024-10-03 22:32:11 +08:00
Cheng Pan
3f637efaa2
HADOOP-19219. Add JPMS options required by hadoop-common (#7084) Contributed by Cheng Pan.
Some checks failed
website / build (push) Has been cancelled
Details 
Reviewed-by: Steve Loughran <stevel@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
 2024-10-02 10:45:25 +08:00
Nihal Jain
e602c601dd
HADOOP-15760. Upgrade commons-collections to commons-collections4 (#7006) 
This moves Hadoop to Apache commons-collections4.

Apache commons-collections has been removed and is completely banned from the source code.

Contributed by Nihal Jain
 2024-09-24 16:50:22 +01:00
Ayush Saxena
f90a703e48
HADOOP-19165. Drop protobuf 2.5.0 from the distribution (#7051). Contributed by Ayush Saxena. 2024-09-24 20:58:41 +05:30
Saikat Roy
6881d12da4
HADOOP-19262: Upgrade wildfly-openssl:1.1.3.Final to 2.1.4.Final to support Java17+ (#7026) 
Contributed by Saikat Roy
 2024-09-09 15:14:03 +01:00
PJ Fanning
a00b1c06f3
HADOOP-19269. Upgrade maven-shade-plugin 3.6.0 (#7029) 
Contributed by PJ Fanning
 2024-09-05 20:29:44 +01:00
Cheng Pan
9486844610
HADOOP-16928. Make javadoc work on Java 17 (#6976) 
Contributed by Cheng Pan
 2024-09-04 11:50:59 +01:00
Steve Loughran
b404c8c8f8
HADOOP-19252. Upgrade hadoop-thirdparty to 1.3.0 (#7007) 
Update the version of hadoop-thirdparty to 1.3.0
across all shaded artifacts used.

This synchronizes the shaded protobuf library with those of
all other shaded artifacts (guava, avro)

Contributed by Steve Loughran
 2024-08-30 11:50:51 +01:00
Cheng Pan
0aab1a2976
HADOOP-19248. Protobuf code generate and replace should happen together (#6975) 
Contributed by Cheng Pan
 2024-08-28 20:18:46 +01:00
slfan1989
b5f88990b7
HADOOP-19136. Upgrade commons-io to 2.16.1. (#6704) 
Contributed by Shilun Fan.
 2024-08-16 19:42:26 +01:00
Steve Loughran
5f93edfd70
HADOOP-19153. hadoop-common exports logback as a transitive dependency (#6999) 
- Critical: remove the obsolete exclusion list from hadoop-common.
- Diligence: expand the hadoop-project exclusion list to exclude
  all ch.qos.logback artifacts

Contributed by Steve Loughran
 2024-08-16 13:54:59 +01:00
PJ Fanning
c593c17255
HADOOP-19237. Upgrade to dnsjava 3.6.1 due to CVEs (#6961) 
Contributed by P J Fanning
 2024-08-01 20:07:36 +01:00
HarshitGupta11
b1d96f6101
HADOOP-19195. S3A: Upgrade aws sdk v2 to 2.25.53 (#6900) 
Contributed by Harshit Gupta
 2024-07-08 10:18:53 +01:00
Cheng Pan
25e28b41cc
HADOOP-19216. Upgrade Guice from 4.0 to 5.1.0 to support Java 17 (#6913). Contributed by Cheng Pan. 
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
 2024-07-06 13:13:49 +05:30
PJ Fanning
bb30545583
HADOOP-19163. Use hadoop-shaded-protobuf_3_25 (#6858) 
Contributed by PJ Fanning
 2024-06-11 17:10:00 +01:00
slfan1989
10df59e421
Revert "HADOOP-19071. Update maven-surefire-plugin from 3.0.0 to 3.2.5. (#6664)" (#6875) 
This reverts commit 88ad7db80d.
Signed-off-by: Shilun Fan <slfan1989@apache.org>
 2024-06-08 14:51:28 +08:00
PJ Fanning
2ee0bf9534
HADOOP-19154. Upgrade bouncycastle to 1.78.1 due to CVEs (#6755) 
Addresses

* CVE-2024-29857 - Importing an EC certificate with specially crafted F2m parameters can cause high CPU usage during parameter evaluation.
* CVE-2024-30171 - Possible timing based leakage in RSA based handshakes due to exception processing eliminated.
* CVE-2024-30172 - Crafted signature and public key can be used to trigger an infinite loop in the Ed25519 verification code.
* CVE-2024-301XX - When endpoint identification is enabled and an SSL socket is not created with an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address. 

Contributed by PJ Fanning
 2024-06-05 15:31:23 +01:00
slfan1989
9f6c997662
YARN-11471. [Federation] FederationStateStoreFacade Cache Support Caffeine. (#6795) Contributed by Shilun Fan. 
Reviewed-by: Inigo Goiri <inigoiri@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
 2024-06-01 06:15:20 +08:00
Murali Krishna
1baf0e889f
HADOOP-18962. Upgrade kafka to 3.4.0 (#6247) 
Upgrade Kafka Client due to CVEs

* CVE-2023-25194
* CVE-2021-38153
* CVE-2018-17196

Contributed by Murali Krishna
 2024-05-24 17:40:37 +01:00
slfan1989
be28467374
Revert "Bump org.apache.derby:derby in /hadoop-project (#6816)" (#6841) 
This reverts commit b5a90d9500.
 2024-05-21 08:46:14 +08:00
Steve Loughran
cfdf1f5e8e
HADOOP-19172. S3A: upgrade AWS v1 sdk to 1.12.720 (#6823) 
+remove reference in LICENSE-binary as it is no longer shipped

Contributed by Steve Loughran
 2024-05-15 14:40:39 +01:00
dependabot[bot]
b5a90d9500
Bump org.apache.derby:derby in /hadoop-project (#6816) 
Bumps org.apache.derby:derby from 10.14.2.0 to 10.17.1.0.

---
updated-dependencies:
- dependency-name: org.apache.derby:derby
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-13 12:47:31 +08:00
dependabot[bot]
1d09a64e34
Bump org.bouncycastle:bcprov-jdk18on in /hadoop-project (#6811) 
Bumps [org.bouncycastle:bcprov-jdk18on](https://github.com/bcgit/bc-java) from 1.77 to 1.78.
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

---
updated-dependencies:
- dependency-name: org.bouncycastle:bcprov-jdk18on
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-12 18:38:36 +05:30
Doroszlai, Attila
2645898450
HADOOP-19160. hadoop-auth should not depend on kerb-simplekdc (#6788) 2024-05-03 12:57:26 +02:00
slfan1989
88ad7db80d
HADOOP-19071. Update maven-surefire-plugin from 3.0.0 to 3.2.5. (#6664) Contributed by Shilun Fan. 
Reviewed-by: Steve Loughran <stevel@cloudera.com>
Reviewed-by: Ayush Saxena <ayushsaxena@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
 2024-04-27 20:30:21 +08:00
Ayush Saxena
eec9cd2997
HADOOP-19107. Drop support for HBase v1 & upgrade HBase v2 (#6629). Contributed by Ayush Saxena 2024-04-22 21:55:58 +05:30
slfan1989
a1ae35e691
HADOOP-19135. Remove Jcache 1.0-alpha. (#6695) Contributed by Shilun Fan. 
Reviewed-by: Steve Loughran <stevel@cloudera.com>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
 2024-04-05 22:09:15 +08:00
PJ Fanning
eede5b1315
HADOOP-19114. Upgrade to commons-compress 1.26.1 due to CVEs. (#6636) 
This addresses two CVEs triggered by malformed archives

Important: Denial of Service CVE-2024-25710
Moderate: Denial of Service CVE-2024-26308

Contributed by PJ Fanning
 2024-04-03 19:32:15 +01:00
PJ Fanning
1357bb162d
HADOOP-19123. Update to commons-configuration2 2.10.1 due to CVE (#6661). Contributed by PJ Fanning 
Reviewed-by: Shilun Fan <slfan1989@apache.org>
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
 2024-04-03 01:20:00 +05:30
PJ Fanning
06db6289cb
HADOOP-19024. Use bouncycastle jdk18 1.77 (#6410). Contributed 2024-03-30 19:58:12 +05:30
slfan1989
347521c95d
HADOOP-19124. Update org.ehcache from 3.3.1 to 3.8.2. (#6665) 2024-03-28 21:56:12 -04:00
PJ Fanning
5bfca65692
HADOOP-19115. Upgrade to nimbus-jose-jwt 9.37.2 due to CVE-2023-52428. (#6637) 
Contributed by PJ Fanning
 2024-03-27 10:30:55 +00:00
PJ Fanning
7653f968e5
HADOOP-19116. Update to zookeeper client 3.8.4 due to CVE-2024-23944. (#6638) 
Updated ZK client dependency to 3.8.4 to address  CVE-2024-23944.

Contributed by PJ Fanning
 2024-03-25 15:10:56 +00:00
PJ Fanning
e28c78f9a2
HADOOP-19088. Use jersey-json 1.22.0 (#6585) 
Contributed by pjfanning
 2024-03-12 20:16:47 +00:00
PJ Fanning
fc166d3aec
HADOOP-19090. Use protobuf-java 3.23.4. (#6593). Contributed by PJ Fanning. 2024-03-07 15:09:01 +05:30
HarshitGupta11
d974a12f39
HADOOP-19082: S3A: Update AWS SDK V2 to 2.24.6 (#6568) 
Update the AWS SDK to 2.24.6 from 2.23.5 for latest updates in packaging w.r.t. IMDS module.

Contributed by Harshit Gupta
 2024-03-05 10:15:05 +00:00
Steve Loughran
a0ce2170db
HADOOP-19084. Prune hadoop-common transitive dependencies (#6574) (#6582) 
Exclude more artifacts which are dependencies of hadoop-* modules,
with the goal of keeping conflict out of downstream applications.
    
In particular we have pruned the dependencies of of:
-zookeeper
-other libraries referencing logging

This keeps slf4j-log4j12 and log4j12 off the classpath
of applications importing hadoop-common.

Somehow logback references do still surface; applications
pulling in hadoop-common directly or indirectly should
review their imports carefully.

Contributed by Steve Loughran
 2024-03-01 12:51:13 +00:00
slfan1989
10ab8abccd
Revert "HADOOP-19071. Update maven-surefire-plugin from 3.0.0 to 3.2.5. (#6537)" (#6578) 
This reverts commit 555faf28ce.
 2024-02-23 14:25:15 +08:00
Steve Loughran
095dfcca30
HADOOP-18088. Replace log4j 1.x with reload4j. (#4052) 
Co-authored-by: Wei-Chiu Chuang <weichiu@apache.org>


Includes HADOOP-18354. Upgrade reload4j to 1.22.2 due to XXE vulnerability (#4607). 

Log4j 1.2.17 has been replaced by reloadj 1.22.2
SLF4J is at 1.7.36
 2024-02-13 16:33:51 +00:00
slfan1989
555faf28ce
HADOOP-19071. Update maven-surefire-plugin from 3.0.0 to 3.2.5. (#6537) Contributed by Shilun Fan 
Reviewed-by: Steve Loughran <stevel@cloudera.com>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
 2024-02-11 07:41:46 +08:00
Adnan Hemani
50d256ef3c
HADOOP-19059. S3A: Update AWS Java SDK to 2.23.19 (#6538) 
Contributed by Adnan Hemani
 2024-02-08 20:38:37 +00:00
slfan1989
8011b21c52
HADOOP-19069. Use hadoop-thirdparty 1.2.0. (#6533) Contributed by Shilun Fan 
Reviewed-by: He Xiaoqiao <hexiaoqiao@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
 2024-02-08 19:18:04 +08:00
Takanobu Asanuma
2f1718c363
HADOOP-19056. Highlight RBF features and improvements targeting version 3.4. (#6512) Contributed by Takanobu Asanuma. 
Signed-off-by: Shilun Fan <slfan1989@apache.org>
 2024-01-31 13:30:35 +08:00