yanmin
9ae01bdbe8
HADOOP-19143. Upgrade commons-cli to 1.9.0 ( #7126 ) Contributed by Min Yan.
...
Reviewed-by: Ayush Saxena <ayushsaxena@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
2024-11-05 10:39:49 +08:00
slfan1989
7a7b346b0a
Revert "HADOOP-19298. [JDK17] Add a JDK17 profile. ( #7085 ) Contributed by Shilun Fan." ( #7132 )
...
This reverts commit f931ede86b
.
2024-10-28 09:39:16 +08:00
slfan1989
f931ede86b
HADOOP-19298. [JDK17] Add a JDK17 profile. ( #7085 ) Contributed by Shilun Fan.
...
website / build (push) Has been cancelled
Reviewed-by: Steve Loughran <stevel@apache.org>
Reviewed-by: Attila Doroszlai <adoroszlai@apache.org>
Reviewed-by: Cheng Pan <chengpan@apache.org>
Reviewed-by: Min Yan <yaommen@gmail.com>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
2024-10-18 17:16:33 +08:00
Cheng Pan
9321e322d2
HADOOP-19310. Add JPMS options required by Java 17+ ( #7114 ) Contributed by Cheng Pan.
...
Reviewed-by: Attila Doroszlai <adoroszlai@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
2024-10-16 14:15:01 +08:00
slfan1989
4e6432a0ab
HADOOP-19296. [JDK17] Upgrade maven-war-plugin to 3.4.0. ( #7086 ) Contributed by Shilun Fan.
...
website / build (push) Has been cancelled
Reviewed-by: Ayush Saxena <ayushsaxena@apache.org>
Reviewed-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
2024-10-03 22:32:11 +08:00
Cheng Pan
3f637efaa2
HADOOP-19219. Add JPMS options required by hadoop-common ( #7084 ) Contributed by Cheng Pan.
...
website / build (push) Has been cancelled
Reviewed-by: Steve Loughran <stevel@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
2024-10-02 10:45:25 +08:00
Nihal Jain
e602c601dd
HADOOP-15760. Upgrade commons-collections to commons-collections4 ( #7006 )
...
This moves Hadoop to Apache commons-collections4.
Apache commons-collections has been removed and is completely banned from the source code.
Contributed by Nihal Jain
2024-09-24 16:50:22 +01:00
Ayush Saxena
f90a703e48
HADOOP-19165. Drop protobuf 2.5.0 from the distribution ( #7051 ). Contributed by Ayush Saxena.
2024-09-24 20:58:41 +05:30
Saikat Roy
6881d12da4
HADOOP-19262: Upgrade wildfly-openssl:1.1.3.Final to 2.1.4.Final to support Java17+ ( #7026 )
...
Contributed by Saikat Roy
2024-09-09 15:14:03 +01:00
PJ Fanning
a00b1c06f3
HADOOP-19269. Upgrade maven-shade-plugin 3.6.0 ( #7029 )
...
Contributed by PJ Fanning
2024-09-05 20:29:44 +01:00
Cheng Pan
9486844610
HADOOP-16928. Make javadoc work on Java 17 ( #6976 )
...
Contributed by Cheng Pan
2024-09-04 11:50:59 +01:00
Steve Loughran
b404c8c8f8
HADOOP-19252. Upgrade hadoop-thirdparty to 1.3.0 ( #7007 )
...
Update the version of hadoop-thirdparty to 1.3.0
across all shaded artifacts used.
This synchronizes the shaded protobuf library with those of
all other shaded artifacts (guava, avro)
Contributed by Steve Loughran
2024-08-30 11:50:51 +01:00
Cheng Pan
0aab1a2976
HADOOP-19248. Protobuf code generate and replace should happen together ( #6975 )
...
Contributed by Cheng Pan
2024-08-28 20:18:46 +01:00
slfan1989
b5f88990b7
HADOOP-19136. Upgrade commons-io to 2.16.1. ( #6704 )
...
Contributed by Shilun Fan.
2024-08-16 19:42:26 +01:00
Steve Loughran
5f93edfd70
HADOOP-19153. hadoop-common exports logback as a transitive dependency ( #6999 )
...
- Critical: remove the obsolete exclusion list from hadoop-common.
- Diligence: expand the hadoop-project exclusion list to exclude
all ch.qos.logback artifacts
Contributed by Steve Loughran
2024-08-16 13:54:59 +01:00
PJ Fanning
c593c17255
HADOOP-19237. Upgrade to dnsjava 3.6.1 due to CVEs ( #6961 )
...
Contributed by P J Fanning
2024-08-01 20:07:36 +01:00
HarshitGupta11
b1d96f6101
HADOOP-19195. S3A: Upgrade aws sdk v2 to 2.25.53 ( #6900 )
...
Contributed by Harshit Gupta
2024-07-08 10:18:53 +01:00
Cheng Pan
25e28b41cc
HADOOP-19216. Upgrade Guice from 4.0 to 5.1.0 to support Java 17 ( #6913 ). Contributed by Cheng Pan.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2024-07-06 13:13:49 +05:30
PJ Fanning
bb30545583
HADOOP-19163. Use hadoop-shaded-protobuf_3_25 ( #6858 )
...
Contributed by PJ Fanning
2024-06-11 17:10:00 +01:00
slfan1989
10df59e421
Revert "HADOOP-19071. Update maven-surefire-plugin from 3.0.0 to 3.2.5. ( #6664 )" ( #6875 )
...
This reverts commit 88ad7db80d
.
Signed-off-by: Shilun Fan <slfan1989@apache.org>
2024-06-08 14:51:28 +08:00
PJ Fanning
2ee0bf9534
HADOOP-19154. Upgrade bouncycastle to 1.78.1 due to CVEs ( #6755 )
...
Addresses
* CVE-2024-29857 - Importing an EC certificate with specially crafted F2m parameters can cause high CPU usage during parameter evaluation.
* CVE-2024-30171 - Possible timing based leakage in RSA based handshakes due to exception processing eliminated.
* CVE-2024-30172 - Crafted signature and public key can be used to trigger an infinite loop in the Ed25519 verification code.
* CVE-2024-301XX - When endpoint identification is enabled and an SSL socket is not created with an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address.
Contributed by PJ Fanning
2024-06-05 15:31:23 +01:00
slfan1989
9f6c997662
YARN-11471. [Federation] FederationStateStoreFacade Cache Support Caffeine. ( #6795 ) Contributed by Shilun Fan.
...
Reviewed-by: Inigo Goiri <inigoiri@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
2024-06-01 06:15:20 +08:00
Murali Krishna
1baf0e889f
HADOOP-18962. Upgrade kafka to 3.4.0 ( #6247 )
...
Upgrade Kafka Client due to CVEs
* CVE-2023-25194
* CVE-2021-38153
* CVE-2018-17196
Contributed by Murali Krishna
2024-05-24 17:40:37 +01:00
slfan1989
be28467374
Revert "Bump org.apache.derby:derby in /hadoop-project ( #6816 )" ( #6841 )
...
This reverts commit b5a90d9500
.
2024-05-21 08:46:14 +08:00
Steve Loughran
cfdf1f5e8e
HADOOP-19172. S3A: upgrade AWS v1 sdk to 1.12.720 ( #6823 )
...
+remove reference in LICENSE-binary as it is no longer shipped
Contributed by Steve Loughran
2024-05-15 14:40:39 +01:00
dependabot[bot]
b5a90d9500
Bump org.apache.derby:derby in /hadoop-project ( #6816 )
...
Bumps org.apache.derby:derby from 10.14.2.0 to 10.17.1.0.
---
updated-dependencies:
- dependency-name: org.apache.derby:derby
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-13 12:47:31 +08:00
dependabot[bot]
1d09a64e34
Bump org.bouncycastle:bcprov-jdk18on in /hadoop-project ( #6811 )
...
Bumps [org.bouncycastle:bcprov-jdk18on](https://github.com/bcgit/bc-java ) from 1.77 to 1.78.
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html )
- [Commits](https://github.com/bcgit/bc-java/commits )
---
updated-dependencies:
- dependency-name: org.bouncycastle:bcprov-jdk18on
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-12 18:38:36 +05:30
Doroszlai, Attila
2645898450
HADOOP-19160. hadoop-auth should not depend on kerb-simplekdc ( #6788 )
2024-05-03 12:57:26 +02:00
slfan1989
88ad7db80d
HADOOP-19071. Update maven-surefire-plugin from 3.0.0 to 3.2.5. ( #6664 ) Contributed by Shilun Fan.
...
Reviewed-by: Steve Loughran <stevel@cloudera.com>
Reviewed-by: Ayush Saxena <ayushsaxena@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
2024-04-27 20:30:21 +08:00
Ayush Saxena
eec9cd2997
HADOOP-19107. Drop support for HBase v1 & upgrade HBase v2 ( #6629 ). Contributed by Ayush Saxena
2024-04-22 21:55:58 +05:30
slfan1989
a1ae35e691
HADOOP-19135. Remove Jcache 1.0-alpha. ( #6695 ) Contributed by Shilun Fan.
...
Reviewed-by: Steve Loughran <stevel@cloudera.com>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
2024-04-05 22:09:15 +08:00
PJ Fanning
eede5b1315
HADOOP-19114. Upgrade to commons-compress 1.26.1 due to CVEs. ( #6636 )
...
This addresses two CVEs triggered by malformed archives
Important: Denial of Service CVE-2024-25710
Moderate: Denial of Service CVE-2024-26308
Contributed by PJ Fanning
2024-04-03 19:32:15 +01:00
PJ Fanning
1357bb162d
HADOOP-19123. Update to commons-configuration2 2.10.1 due to CVE ( #6661 ). Contributed by PJ Fanning
...
Reviewed-by: Shilun Fan <slfan1989@apache.org>
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2024-04-03 01:20:00 +05:30
PJ Fanning
06db6289cb
HADOOP-19024. Use bouncycastle jdk18 1.77 ( #6410 ). Contributed
2024-03-30 19:58:12 +05:30
slfan1989
347521c95d
HADOOP-19124. Update org.ehcache from 3.3.1 to 3.8.2. ( #6665 )
2024-03-28 21:56:12 -04:00
PJ Fanning
5bfca65692
HADOOP-19115. Upgrade to nimbus-jose-jwt 9.37.2 due to CVE-2023-52428. ( #6637 )
...
Contributed by PJ Fanning
2024-03-27 10:30:55 +00:00
PJ Fanning
7653f968e5
HADOOP-19116. Update to zookeeper client 3.8.4 due to CVE-2024-23944. ( #6638 )
...
Updated ZK client dependency to 3.8.4 to address CVE-2024-23944.
Contributed by PJ Fanning
2024-03-25 15:10:56 +00:00
PJ Fanning
e28c78f9a2
HADOOP-19088. Use jersey-json 1.22.0 ( #6585 )
...
Contributed by pjfanning
2024-03-12 20:16:47 +00:00
PJ Fanning
fc166d3aec
HADOOP-19090. Use protobuf-java 3.23.4. ( #6593 ). Contributed by PJ Fanning.
2024-03-07 15:09:01 +05:30
HarshitGupta11
d974a12f39
HADOOP-19082: S3A: Update AWS SDK V2 to 2.24.6 ( #6568 )
...
Update the AWS SDK to 2.24.6 from 2.23.5 for latest updates in packaging w.r.t. IMDS module.
Contributed by Harshit Gupta
2024-03-05 10:15:05 +00:00
Steve Loughran
a0ce2170db
HADOOP-19084. Prune hadoop-common transitive dependencies ( #6574 ) ( #6582 )
...
Exclude more artifacts which are dependencies of hadoop-* modules,
with the goal of keeping conflict out of downstream applications.
In particular we have pruned the dependencies of of:
-zookeeper
-other libraries referencing logging
This keeps slf4j-log4j12 and log4j12 off the classpath
of applications importing hadoop-common.
Somehow logback references do still surface; applications
pulling in hadoop-common directly or indirectly should
review their imports carefully.
Contributed by Steve Loughran
2024-03-01 12:51:13 +00:00
slfan1989
10ab8abccd
Revert "HADOOP-19071. Update maven-surefire-plugin from 3.0.0 to 3.2.5. ( #6537 )" ( #6578 )
...
This reverts commit 555faf28ce
.
2024-02-23 14:25:15 +08:00
Steve Loughran
095dfcca30
HADOOP-18088. Replace log4j 1.x with reload4j. ( #4052 )
...
Co-authored-by: Wei-Chiu Chuang <weichiu@apache.org>
Includes HADOOP-18354. Upgrade reload4j to 1.22.2 due to XXE vulnerability (#4607 ).
Log4j 1.2.17 has been replaced by reloadj 1.22.2
SLF4J is at 1.7.36
2024-02-13 16:33:51 +00:00
slfan1989
555faf28ce
HADOOP-19071. Update maven-surefire-plugin from 3.0.0 to 3.2.5. ( #6537 ) Contributed by Shilun Fan
...
Reviewed-by: Steve Loughran <stevel@cloudera.com>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
2024-02-11 07:41:46 +08:00
Adnan Hemani
50d256ef3c
HADOOP-19059. S3A: Update AWS Java SDK to 2.23.19 ( #6538 )
...
Contributed by Adnan Hemani
2024-02-08 20:38:37 +00:00
slfan1989
8011b21c52
HADOOP-19069. Use hadoop-thirdparty 1.2.0. ( #6533 ) Contributed by Shilun Fan
...
Reviewed-by: He Xiaoqiao <hexiaoqiao@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
2024-02-08 19:18:04 +08:00
Takanobu Asanuma
2f1718c363
HADOOP-19056. Highlight RBF features and improvements targeting version 3.4. ( #6512 ) Contributed by Takanobu Asanuma.
...
Signed-off-by: Shilun Fan <slfan1989@apache.org>
2024-01-31 13:30:35 +08:00
Steve Loughran
8261229daa
HADOOP-18830. Cut S3 Select ( #6144 )
...
Cut out S3 Select
* leave public/unstable constants alone
* s3guard tool will fail with error
* s3afs. path capability will fail
* openFile() will fail with specific error
* s3 select doc updated
* Cut eventstream jar
* New test: ITestSelectUnsupported verifies new failure
handling above
Contributed by Steve Loughran
2024-01-30 16:12:27 +00:00
Benjamin Teke
897f446d54
HADOOP-19051: Highlight Capacity Scheduler new features in release for the release 3.4.0 ( #6500 ) Contributed by Benjamin Teke.
...
Signed-off-by: Shilun Fan <slfan1989@apache.org>
2024-01-26 13:33:55 +08:00
slfan1989
38f10c657e
HADOOP-19039. Hadoop 3.4.0 Highlight big features and improvements. ( #6462 ) Contributed by Shilun Fan.
...
Reviewed-by: He Xiaoqiao <hexiaoqiao@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
2024-01-25 15:42:21 +08:00