Commit Graph

899 Commits

Author SHA1 Message Date
Murali Krishna
9edcf42c78
HADOOP-18540. Upgrade Bouncy Castle to 1.70 (#5166)
This addresses
- [sonatype-2021-4916] CWE-327: Use of a Broken or Risky Cryptographic Algorithm
- [sonatype-2019-0673] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Contributed by Murali Krishna
2024-01-01 19:04:06 +00:00
Ayush Saxena
9a4d10763c
HADOOP-19020. Update the year to 2024. (#6397). Contributed by Ayush Saxena.
Reviewed-by: Ashutosh Gupta <ashugpt@amazon.com>
Reviewed-by: Shilun Fan <slfan1989@apache.org>
2024-01-01 12:51:54 +05:30
BilwaST
f52c7d3e9a
HADOOP-18613. Upgrade ZooKeeper to version 3.8.3 (#6296). Contributed by Bilwa S T.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-12-19 23:01:28 +05:30
Steve Loughran
19b9e6a97b
HADOOP-19008. S3A: update aws-sdk version to 2.21.41 (#6334)
AWS SDK is now at 2.21.41.
Key change: log4j.properties settings are picked up.
2023-12-12 15:15:32 +00:00
ahmarsuhail
d25cba7e85
S3A: Upgrade AWS SDK version to 2.21.33 for Amazon S3 Express One Zone support (#6306)
With this upgrade, it is possible to connect to an Amazon S3 Express One Zone bucket.

Some tests from the S3A test suite will currently fail against a one zone bucket, as one zone buckets
do not support some S3 standard features (eg: SSE-KMS), and certain operations behave slightly
differently (eg: listMPU will return a directory that has incomplete MPUs).

Contributed by Ahmar Suhail
2023-11-29 13:16:19 +00:00
Steve Loughran
d634deea4e
HADOOP-18487. Protobuf 2.5 removal part 2: stop exporting protobuf-2.5 (#6185)
Followup to the previous HADOOP-18487 patch: changes the scope of
protobuf-2.5 in hadoop-common and elsewhere from "compile" to "provided".

This means that protobuf-2.5 is
* No longer included in hadoop distributions
* No longer exported by hadoop common POM files
* No longer exported transitively by other hadoop modules.
* No longer listed in LICENSE-binary.

Contributed by Steve Loughran
2023-11-06 17:52:05 +00:00
PJ Fanning
b9c9c42b29
HADOOP-18936. Upgrade to jetty 9.4.53 (#6181). Contributed by PJ Fanning.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-10-29 13:09:12 +05:30
PJ Fanning
bbf905dc99
HADOOP-18933. upgrade to netty 4.1.100 due to CVE (#6173)
Mitigates Netty security advisory GHSA-xpw8-rcwv-8f8p
"HTTP/2 Rapid Reset Attack - DDoS vector in the HTTP/2 protocol due RST frames"

Contributed by PJ Fanning
2023-10-25 14:06:13 +01:00
Masatake Iwasaki
8bf72346a5
HADOOP-18942. Upgrade ZooKeeper to 3.7.2. (#6200)
Signed-off-by: Masatake Iwasaki <iwasakims@apache.org>
2023-10-19 18:47:45 +09:00
Masatake Iwasaki
13843f4a88
HADOOP-18867. Upgrade ZooKeeper to 3.6.4. (#5988) 2023-10-18 10:31:41 +09:00
Steve Loughran
42e695d510
HADOOP-18932. S3A. upgrade AWS v2 SDK to 2.20.160 and v1 to 1.12.565 (#6178)
v1 => 1.12.565
v2 => 2.20.160
Only the v2 one is distributed; v1 is needed in deployments only to support v1 credential providers

Contributed by Steve Loughran
2023-10-17 12:59:50 +01:00
Steve Loughran
9bc159f4ac
HADOOP-18487. Make protobuf 2.5 an optional runtime dependency. (#4996)
Protobuf 2.5 JAR is no longer needed at runtime. 

The option common.protobuf.scope defines whether the protobuf 2.5.0
dependency is marked as provided or not.

* New package org.apache.hadoop.ipc.internal for internal only protobuf classes
  ...with a ShadedProtobufHelper in there which has shaded protobuf refs
  only, so guaranteed not to need protobuf-2.5 on the CP
* All uses of org.apache.hadoop.ipc.ProtobufHelper have
  been replaced by uses of org.apache.hadoop.ipc.internal.ShadedProtobufHelper
* The scope of protobuf-2.5 is set by the option common.protobuf2.scope
  In this patch is it is still "compile"
* There is explicit reference to it in modules where it may be needed.
*  The maven scope of the dependency can be set with the common.protobuf2.scope
   option. It can be set to "provided" in a build:
       -Dcommon.protobuf2.scope=provided
* Add new ipc(callable) method to catch and convert shaded protobuf
  exceptions raised during invocation of the supplied lambda expression
* This is adopted in the code where the migration is not traumatically
  over-complex. RouterAdminProtocolTranslatorPB is left alone for this
  reason.

Contributed by Steve Loughran
2023-10-13 13:48:38 +01:00
PJ Fanning
2bf5a9ed11
HADOOP-18917. Upgrade to commons-io 2.14.0 (#6133). Contributed by PJ Fanning
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-10-06 01:58:21 +05:30
PJ Fanning
35c42e4039
HADOOP-18912. upgrade snappy-java to 1.1.10.4 (#6115). Contributed by PJ Fanning.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-09-28 11:22:31 +05:30
Masatake Iwasaki
0c153fe465
YARN-11558. Fix dependency convergence error on hbase2 profile. (#6017) 2023-09-28 10:17:29 +09:00
PJ Fanning
c16484ffb2
HADOOP-18890. Remove use of okhttp in runtime code (#6057)
Contributed by PJ Fanning
2023-09-19 12:38:36 +01:00
PJ Fanning
dea446419f
HADOOP-18895. Upgrade to commons-compress 1.24.0 (#6062)
Contributed by PJ Fanning
2023-09-14 17:49:12 +01:00
PJ Fanning
56b928b86f
YARN-11498. Add exclusion for jettison everywhere jersey-json is loaded (#5786)
All uses  of jersey-json in the yarn and other hadoop modules now
exclude the obsolete org.codehaus.jettison/jettison and so avoid
all security issues which can come from the library.

Contributed by PJ Fanning
2023-09-13 18:10:24 +01:00
Steve Loughran
81d90fd65b
HADOOP-18073. S3A: Upgrade AWS SDK to V2 (#5995)
This patch migrates the S3A connector to use the V2 AWS SDK.

This is a significant change at the source code level.
Any applications using the internal extension/override points in
the filesystem connector are likely to break.

This includes but is not limited to:
- Code invoking methods on the S3AFileSystem class
  which used classes from the V1 SDK.
- The ability to define the factory for the `AmazonS3` client, and
  to retrieve it from the S3AFileSystem. There is a new factory
  API and a special interface S3AInternals to access a limited
  set of internal classes and operations.
- Delegation token and auditing extensions.
- Classes trying to integrate with the AWS SDK.

All standard V1 credential providers listed in the option 
fs.s3a.aws.credentials.provider will be automatically remapped to their
V2 equivalent.

Other V1 Credential Providers are supported, but only if the V1 SDK is
added back to the classpath.  

The SDK Signing plugin has changed; all v1 signers are incompatible.
There is no support for the S3 "v2" signing algorithm.

Finally, the aws-sdk-bundle JAR has been replaced by the shaded V2
equivalent, "bundle.jar", which is now exported by the hadoop-aws module.

Consult the document aws_sdk_upgrade for the full details.

Contributed by Ahmar Suhail + some bits by Steve Loughran
2023-09-11 14:30:25 +01:00
Steve Loughran
28c533a582 Revert "HADOOP-18860. Upgrade mockito version to 4.11.0 (#5977)"
This reverts commit 1046f9cf98.
2023-08-31 14:54:53 +01:00
Anmol Asrani
1046f9cf98
HADOOP-18860. Upgrade mockito version to 4.11.0 (#5977)
As well as the POM update, this patch moves to the (renamed) verify methods. 
Backporting mockito test changes may now require cherrypicking this patch, otherwise
use the old method names.

Contributed by Anmol Asrani
2023-08-29 12:12:27 +01:00
Benjamin Teke
43c889636a
YARN-11535. Remove jackson-dataformat-yaml dependency. (#5970) 2023-08-22 16:42:49 +02:00
Susheel Gupta
271b4b25cd
Revert "YARN-11535: Jackson-dataformat-yaml should be upgraded to 2.15.2 as it may cause transitive dependency issue with 2.12.7" (#5969)
This reverts commit 35af8b9d02.
2023-08-21 17:43:08 +02:00
Viraj Jasani
911e9e0c01
HADOOP-18832. Upgrade aws-java-sdk to 1.12.499 (#5908)
Contributed by Viraj Jasani
2023-08-16 14:34:36 +01:00
rohit-kb
b1ed23654c
HADOOP-18837. Upgrade okio to 3.4.0 due to CVE-2023-3635. (#5914)
Contributed by Rohit Kumar
2023-08-08 13:37:20 +01:00
Susheel Gupta
35af8b9d02
YARN-11535: Jackson-dataformat-yaml should be upgraded to 2.15.2 as it may cause transitive dependency issue with 2.12.7 (#5884) 2023-08-03 16:35:27 +02:00
PJ Fanning
5a35fb5a72
HADOOP-18783. Upgrade to netty 4.1.94 due to CVE (#5774). Contributed by PJ Fanning. 2023-07-02 14:08:13 +05:30
PJ Fanning
56ef05a9ca
HADOOP-18782. Upgrade to snappy-java 1.1.10.1 due to CVEs (#5773)
Addresses CVE-2023-34454

Contributed by PJ Fanning
2023-06-27 11:53:02 +01:00
rohit-kb
21d9c4727c
HADOOP-18773. Upgrade maven-shade-plugin to 3.4.1 (#5750)
This is needed to successfully shade the hadoop binaries on recent Java versions.

Contributed by Rohit Kumar
2023-06-27 10:40:22 +01:00
liangxs
cebcb44d37
HADOOP-18713. Update solr from 8.8.2 to 8.11.2 (#5459). Contributed by Xuesen Liang.
Reviewed-by: Wei-Chiu Chuang <weichiu@apache.org>
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-06-22 13:15:57 +05:30
Viraj Jasani
2fe3b2a73f
HADOOP-18763. Upgrade aws-java-sdk to 1.12.367 (#5741)
Contributed By: Viraj Jasani
2023-06-15 01:09:41 +05:30
Wei-Chiu Chuang
e1bb4acd36
HADOOP-18761. Remove mysql-connector-java (#5731) 2023-06-12 15:31:03 -07:00
Ayush Saxena
1d0c9ab433
Revert "HADOOP-18207. Introduce hadoop-logging module (#5503)"
This reverts commit 03a499821c.
2023-06-05 09:34:40 +05:30
Viraj Jasani
03a499821c
HADOOP-18207. Introduce hadoop-logging module (#5503)
Reviewed-by: Duo Zhang <zhangduo@apache.org>
2023-06-02 18:07:34 -07:00
slfan1989
2f87f716fa
YARN-3660. BackPort [GPG] Federation Global Policy Generator (service hook only). (#5625) 2023-05-12 18:12:05 -07:00
slfan1989
a2dda0ce03
HADOOP-18359. Update commons-cli from 1.2 to 1.5. (#5095). Contributed by Shilun Fan.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-05-10 01:42:12 +05:30
PJ Fanning
b683769fc9
HADOOP-18712. Upgrade to jetty 9.4.51 due to cve (#5574). Contributed by PJ Fanning.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-04-24 01:01:51 +05:30
dependabot[bot]
3b7783c549
HADOOP-18689. Bump jettison from 1.5.3 to 1.5.4 in /hadoop-project (#5502)
Co-authored-by: Ayush Saxena <ayushsaxena@apache.org>
2023-04-22 16:19:21 +05:30
PJ Fanning
ad49ddda0e
HADOOP-18711. upgrade nimbus jwt jar due to issues in its embedded shaded json-smart code. (#5573). Contributed by PJ Fanning.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-04-22 14:01:09 +05:30
PJ Fanning
0918c87fa2
HADOOP-18687. Remove json-smart dependency. (#5549). Contributed by PJ Fanning.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-04-20 18:28:09 +05:30
Ayush Saxena
9e3d5c754b
Revert "HADOOP-18687. Remove json-smart dependency. (#5549). Contributed by PJ Fanning."
This reverts commit b6c0ec796e.
2023-04-20 10:26:08 +05:30
PJ Fanning
b6c0ec796e
HADOOP-18687. Remove json-smart dependency. (#5549). Contributed by PJ Fanning.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-04-20 00:47:22 +05:30
dependabot[bot]
f1936d29f1
HADOOP-18693. Bump derby from 10.10.2.0 to 10.14.2.0 in /hadoop-project (#5427)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-13 10:25:17 -07:00
mjwiq
e45451f9c7
HADOOP-18687. hadoop-auth: remove unnecessary dependency on json-smart (#5524)
Contributed by Michiel de Jong
2023-04-06 16:00:33 +01:00
PJ Fanning
476340c699
HADOOP-18658. snakeyaml dependency: upgrade to v2.0 (#5467). Contributed by PJ Fanning.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-03-13 10:08:04 +05:30
nao
734f7abfb8
HADOOP-18646. Upgrade Netty to 4.1.89.Final to fix CVE-2022-41881 (#5435)
This fixes CVE-2022-41881.

This also upgrades io.opencensus dependencies to 0.12.3
 
Contributed by Aleksandr Nikolaev
2023-03-10 15:27:22 +00:00
rohit-kb
487368c4b9
HADOOP-18655. Upgrade kerby to 2.0.3 due to CVE-2023-25613 (#5458)
Upgrade kerby to 2.0.3 due to the CVE https://nvd.nist.gov/vuln/detail/CVE-2023-25613


Contributed by Rohit Kumar Badeau
2023-03-08 15:31:03 +00:00
Steve Loughran
dcd9dc6983
HADOOP-18641. Cloud connector dependency and LICENSE fixup. (#5429)
POM and LICENSE fixup of transient dependencies
* Exclude hadoop-cloud-storage imports which come in with hadoop-common
* Add explicit import of hadoop's org.codehaus.jettison declaration
  to hadoop-aliyun
* Tune aliyun jars imports
* Update LICENSE-binary for the current set of libraries.

Contributed by Steve Loughran
2023-02-28 10:48:54 +00:00
Steve Loughran
4067facae6
HADOOP-18470. Remove HDFS RBF text in the 3.3.5 index.md file
+ add a link to mukund's apachecon talk

Change-Id: I3d04b385ff1312aabf2a81d034f54f124d544a54
2023-02-23 13:23:35 +00:00
hchaverr
fb31393b65
HADOOP-18535. Implement token storage solution based on MySQL
Fixes #1240

Signed-off-by: Owen O'Malley <oomalley@linkedin.com>
2023-02-22 10:38:50 -08:00
nao
acf82d4d55
HADOOP-18622. Upgrade ant to 1.10.13 (#5360). Contributed by Aleksandr Nikolaev.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-02-21 16:48:49 +05:30
Steve Loughran
d56977e909
HADOOP-18470. More in the 3.3.5 index.html about security (#5383)
Expands on the comments in cluster config to tell people
they shouldn't be running a cluster without a private VLAN
in cloud, that Knox is good here, and unsecured clusters
without a VLAN are just computation-as-a-service to crypto miners

Contributed by Steve Loughran
2023-02-14 17:22:59 +00:00
Viraj Jasani
90de1ff151
HADOOP-18206 Cleanup the commons-logging references and restrict its usage in future (#5315) 2023-02-14 03:24:06 +08:00
Viraj Jasani
4fcceff535
HADOOP-18620 Avoid using grizzly-http-* APIs (#5356) 2023-02-09 10:45:07 +08:00
Szilard Nemeth
b677d40ab5 HADOOP-18602. Remove netty3 dependency 2023-01-27 16:32:50 +01:00
Steve Loughran
970ebaeded
HADOOP-17717. Update wildfly openssl to 1.1.3.Final. (#5310)
Contributed by Wei-Chiu Chuang
2023-01-27 11:50:17 +00:00
PJ Fanning
b9eb760ed2
HADOOP-18587: upgrade to jettison 1.5.3 due to cve (#5270)
Signed-off-by: Chris Nauroth <cnauroth@apache.org>
2023-01-06 15:35:50 -08:00
Ayush Saxena
b93b1c69cc
HADOOP-18586. Update the year to 2023. (#5265). Contributed by Ayush Saxena.
Reviewed-by: Takanobu Asanuma <tasanuma@apache.org>
2023-01-01 22:36:33 +05:30
Steve Loughran
52c72fafe4
HADOOP-18470. Update index md with section on ABFS prefetching 2022-12-19 13:04:26 +00:00
Steve Loughran
5f08e51b72
HADOOP-18561. Update commons-net to 3.9.0 (#5214)
Addresses CVE-2021-37533, which *only* relates to FTP.

Applications not using the ftp:// filesystem, which, as
anyone who has used it will know is very minimal and
so rarely used, is not a critical part of the project.

Furthermore, the FTP-related issue is at worst information leakage
if someone connects to a malicious server.

This is a due diligence PR rather than an emergency fix.

Contributed by Steve Loughran
2022-12-15 16:45:05 +00:00
Murali Krishna
2e88096266
HADOOP-18538. Upgrade kafka to 2.8.2 (#5164)
Signed-off-by: Brahma Reddy Battula <brahma@apache.org>
2022-12-06 22:27:46 +05:30
Steve Loughran
84b33b897c
HADOOP-18470. index.md update for 3.3.5 release 2022-12-05 16:13:24 +00:00
PJ Fanning
e09e81abe4
HADOOP-18496: remove unused okhttp.version (#5140). Contributed by PJ Fanning.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2022-11-27 18:59:40 +05:30
PJ Fanning
d340c4a7a1
HADOOP-18496. Upgrade okhttp3 and dependencies due to kotlin CVEs (#5035)
Updates okhttp3 and okio so their transitive dependency on Kotlin
stdlib is free from recent CVEs.

okhttp3:okhttp => 4.10.0
okio:okio => 3.2.0
kotlin stdlib => 1.6.20

kotlin CVEs fixed:
 CVE-2022-24329
 CVE-2020-29582
 
Contributed by PJ Fanning.
2022-11-12 14:14:19 +00:00
Steve Vaughan
2ba982a061
MAPREDUCE-7386. Maven parallel builds (skipping tests) fail (#4415)
Contributed by Steve Vaughan Jr
2022-11-04 11:50:43 +00:00
Ashutosh Gupta
e62ba16a02
HADOOP-18484. Upgrade hsqldb to v2.7.1 to mitigate CVE-2022-41853 (#4991) 2022-11-02 08:41:27 +01:00
PJ Fanning
7ba304d1c6
HADOOP-18512: upgrade woodstox-core to 5.4.0 for security fix (#5087). Contributed by PJ Fanning.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2022-11-02 00:11:41 +05:30
PJ Fanning
d6a65a4180
HADOOP-18472. Upgrade to snakeyaml 1.33 (#4958)
Reviewed-by: Dinesh Chitlangia <dineshc@apache.org>
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
2022-10-30 02:30:41 +09:00
Willi Raschkowski
c4aa41aa80
HADOOP-18500. Upgrade maven-shade-plugin to 3.3.0 (#5045)
Contributed by Willi Raschkowski
2022-10-20 18:47:33 +01:00
Hexiaoqiao
babb050fa3
HADOOP-18497. Upgrade commons-text version to fix CVE-2022-42889. (#5037). Contributed by PJ Fanning.
Co-authored-by: He Xiaoqiao <hexiaoqiao@apache.org>
Reviewed-by: Ashutosh Gupta <ashugpt@amazon.com>
Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org>
2022-10-18 11:28:56 +08:00
PJ Fanning
4ff6c9b8de
HADOOP-18493: upgrade jackson-databind to 2.12.7.1 (#5011). Contributed by PJ Fanning.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2022-10-17 10:03:10 +05:30
slfan1989
3ff8f58f8c
HADOOP-18360. Update commons-csv from 1.0 to 1.9.0. (#4928). Contributed by fanshilun.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2022-10-13 12:10:54 +05:30
Steve Loughran
540a660429
HADOOP-18480. Upgrade aws sdk to 1.12.316 (#4972)
Contributed by Steve Loughran
2022-10-10 10:23:50 +01:00
PJ Fanning
5eddec8c46
HADOOP-18468: Upgrade jettison to 1.5.1 to fix CVE-2022-40149 (#4937)
Contributed by PJ Fanning
2022-10-07 15:44:01 +01:00
Steve Loughran
38b2ed2151
HADOOP-18442. Remove openstack support (#4855)
Contributed by Steve Loughran
2022-10-06 11:49:38 +01:00
Ashutosh Gupta
7923cac86b
HADOOP-18443. Upgrade snakeyaml to 1.32 (#4906)
Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com>
Reviewed-by: Inigo Goiri <inigoiri@apache.org>
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
2022-09-25 23:49:48 +09:00
PJ Fanning
e6d2c336cb
HADOOP-18341: upgrade commons-configuration2 to 2.8.0 and commons-text to 1.9 (#4578)
Reviewed-by: Ashutosh Gupta <ashugpt@amazon.com>
Signed-off-by: Takanobu Asanuma <tasanuma@apache.org>
2022-09-22 09:45:20 +09:00
slfan1989
4d9bb81b16
HADOOP-18451. Update hsqldb.version from 2.3.4 to 2.5.2. (#4880) 2022-09-20 11:10:51 -07:00
Colm O hEigeartaigh
272844ee57
HADOOP-15072 - Update Apache Kerby to 2.0.2 (#4473) 2022-09-15 00:43:25 +08:00
Ashutosh Gupta
832d0e0d76
HADOOP-18443. Upgrade snakeyaml to 1.31 to mitigate CVE-2022-25857 (#4856)
Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com>
Signed-off-by: Brahma Reddy Battula <brahma@apache.org>
2022-09-08 19:58:38 +05:30
Ayush Saxena
880686d1e3
Revert "HADOOP-18417. Upgrade to M7 of surefire plugin (#4795)"
This reverts commit 1ff121041c.
2022-08-25 03:44:49 +05:30
slfan1989
052d7f286e
HADOOP-18361. Update commons-net from 3.6 to 3.8.0. (#4683). Contributed by fanshilun.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2022-08-24 20:05:17 +05:30
Steve Vaughan
1ff121041c
HADOOP-18417. Upgrade to M7 of surefire plugin (#4795)
This addresses an issue where the plugin's default classpath for executing tests fails to include org.junit.platform.launcher.core.LauncherFactory.

Contributed by: Steve Vaughan Jr
2022-08-24 11:04:04 +01:00
Ashutosh Gupta
69f6fdb757
HADOOP-18301. Upgrade commons-io to 2.11.0 (#4455)
Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com>
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
2022-08-03 10:44:39 +09:00
slfan1989
13fbfd5dea
HADOOP-18358. Update commons-math3 from 3.1.1 to 3.6.1. (#4619). Contributed by fanshilun.
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2022-08-02 01:48:47 +05:30
Steve Loughran
58ed621304
HADOOP-18344. Upgrade AWS SDK to 1.12.262 (#4637)
Fixes CVE-2018-7489 in shaded jackson.

+Add more commands in testing.md
 to the CLI tests needed when qualifying
 a release

Contributed by Steve Loughran
2022-07-28 11:29:38 +01:00
Ashutosh Gupta
e664f81ce7
HADOOP-18333.Upgrade jetty version to 9.4.48.v20220622 (#4553)
Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com>
2022-07-21 00:15:39 +08:00
Wei-Chiu Chuang
a55ace7bc0
HADOOP-18079. Upgrade Netty to 4.1.77. (#3977)
Upgrade netty to address

CVE-2019-20444,
CVE-2019-20445
CVE-2022-24823

Contributed by Wei-Chiu Chuang
2022-07-18 10:41:00 +01:00
PJ Fanning
34e548cb62
HADOOP-18332: remove rs-api dependency as it conflicts with jsr311-api (#4547)
This downgrades jackson from the version switched to in
    HADOOP-18033 (2.13.0), to Jackson 2.12.7.
    This removes the dependency on javax.ws.rs-api,
    so avoiding runtime problems with applications using
    jersey-core v1 and/or jsr311-api.
    
    The 2.12.7 release still contains the fix for CVE-2020-36518.
    
    Contributed by PJ Fanning
2022-07-17 21:37:54 +05:30
Colm O hEigeartaigh
25f8bdcd21
HADOOP-18308 - Update to Apache LDAP API 2.0.x (#4477)
Update the dependencies of the LDAP libraries used for testing:

ldap-api.version = 2.0.0
apacheds.version = 2.0.0.AM26

Contributed by Colm O hEigeartaigh.
2022-06-27 11:15:18 +01:00
Igor Dvorzhak
77d1b194c7
HADOOP-18300. Upgrade Gson dependency to version 2.9.0 (#4454)
Reviewed-by: Ayush Saxena <ayushsaxena@apache.org>
Signed-off-by: Chris Nauroth <cnauroth@apache.org>
2022-06-22 16:37:22 -07:00
Mukund Thakur
2daf0a814f HADOOP-11867. Add a high-performance vectored read API. (#3904)
part of HADOOP-18103.
Add support for multiple ranged vectored read api in PositionedReadable.
The default iterates through the ranges to read each synchronously,
but the intent is that FSDataInputStream subclasses can make more
efficient readers especially in object stores implementation.

Also added implementation in S3A where smaller ranges are merged and
sliced byte buffers are returned to the readers. All the merged ranged are
fetched from S3 asynchronously.

Contributed By: Owen O'Malley and Mukund Thakur
2022-06-22 17:29:32 +01:00
Steve Loughran
a234d00c1c
HADOOP-18275. Update os-maven-plugin to 1.7.0 (#4397)
Contributed by Steve Loughran
2022-06-06 13:17:32 +01:00
Viraj Jasani
0733e968ab
HADOOP-18224. Upgrade maven compiler plugin to 3.10.1 (#4267)
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
2022-05-21 03:21:13 +09:00
Ashutosh Gupta
fb910bd906
HDFS-16453. Upgrade okhttp from 2.7.5 to 4.9.3 (#4229)
Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com>
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
2022-05-21 02:53:14 +09:00
Ashutosh Gupta
3ecdf39943
HADOOP-18237. Upgrade Apache Xerces Java to 2.12.2 (#4318)
Upgrade Apache Xerces Java to 2.12.2 due to handle vulnerability CVE-2022-23437

Contributed by Ashutosh Gupta
2022-05-17 20:34:12 +01:00
PJ Fanning
63187083cc
HADOOP-15983. Use jersey-json that is built to use jackson2 (#3988)
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
2022-04-28 14:18:19 +09:00
Viraj Jasani
8ea3358380
HADOOP-18196. Remove replace-guava from replacer plugin (#4152) 2022-04-15 23:24:02 +09:00
PJ Fanning
bfde9102be
HADOOP-18195. Make jackson 1 a runtime scope dependency (#4149)
Contributed by PJ Fanning
2022-04-08 10:24:09 +01:00
PJ Fanning
4b786c797a
HADOOP-18178. Upgrade jackson to 2.13.2 and jackson-databind to 2.13.2.2 (#4111)
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
2022-04-07 16:19:36 +09:00