rohit-kb
b1ed23654c
HADOOP-18837. Upgrade okio to 3.4.0 due to CVE-2023-3635. ( #5914 )
...
Contributed by Rohit Kumar
2023-08-08 13:37:20 +01:00
Susheel Gupta
35af8b9d02
YARN-11535: Jackson-dataformat-yaml should be upgraded to 2.15.2 as it may cause transitive dependency issue with 2.12.7 ( #5884 )
2023-08-03 16:35:27 +02:00
PJ Fanning
5a35fb5a72
HADOOP-18783. Upgrade to netty 4.1.94 due to CVE ( #5774 ). Contributed by PJ Fanning.
2023-07-02 14:08:13 +05:30
PJ Fanning
56ef05a9ca
HADOOP-18782. Upgrade to snappy-java 1.1.10.1 due to CVEs ( #5773 )
...
Addresses CVE-2023-34454
Contributed by PJ Fanning
2023-06-27 11:53:02 +01:00
rohit-kb
21d9c4727c
HADOOP-18773. Upgrade maven-shade-plugin to 3.4.1 ( #5750 )
...
This is needed to successfully shade the hadoop binaries on recent Java versions.
Contributed by Rohit Kumar
2023-06-27 10:40:22 +01:00
liangxs
cebcb44d37
HADOOP-18713. Update solr from 8.8.2 to 8.11.2 ( #5459 ). Contributed by Xuesen Liang.
...
Reviewed-by: Wei-Chiu Chuang <weichiu@apache.org>
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-06-22 13:15:57 +05:30
Viraj Jasani
2fe3b2a73f
HADOOP-18763. Upgrade aws-java-sdk to 1.12.367 ( #5741 )
...
Contributed By: Viraj Jasani
2023-06-15 01:09:41 +05:30
Wei-Chiu Chuang
e1bb4acd36
HADOOP-18761. Remove mysql-connector-java ( #5731 )
2023-06-12 15:31:03 -07:00
Ayush Saxena
1d0c9ab433
Revert "HADOOP-18207. Introduce hadoop-logging module ( #5503 )"
...
This reverts commit 03a499821c
.
2023-06-05 09:34:40 +05:30
Viraj Jasani
03a499821c
HADOOP-18207. Introduce hadoop-logging module ( #5503 )
...
Reviewed-by: Duo Zhang <zhangduo@apache.org>
2023-06-02 18:07:34 -07:00
slfan1989
2f87f716fa
YARN-3660. BackPort [GPG] Federation Global Policy Generator (service hook only). ( #5625 )
2023-05-12 18:12:05 -07:00
slfan1989
a2dda0ce03
HADOOP-18359. Update commons-cli from 1.2 to 1.5. ( #5095 ). Contributed by Shilun Fan.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-05-10 01:42:12 +05:30
PJ Fanning
b683769fc9
HADOOP-18712. Upgrade to jetty 9.4.51 due to cve ( #5574 ). Contributed by PJ Fanning.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-04-24 01:01:51 +05:30
dependabot[bot]
3b7783c549
HADOOP-18689. Bump jettison from 1.5.3 to 1.5.4 in /hadoop-project ( #5502 )
...
Co-authored-by: Ayush Saxena <ayushsaxena@apache.org>
2023-04-22 16:19:21 +05:30
PJ Fanning
ad49ddda0e
HADOOP-18711. upgrade nimbus jwt jar due to issues in its embedded shaded json-smart code. ( #5573 ). Contributed by PJ Fanning.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-04-22 14:01:09 +05:30
PJ Fanning
0918c87fa2
HADOOP-18687. Remove json-smart dependency. ( #5549 ). Contributed by PJ Fanning.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-04-20 18:28:09 +05:30
Ayush Saxena
9e3d5c754b
Revert "HADOOP-18687. Remove json-smart dependency. ( #5549 ). Contributed by PJ Fanning."
...
This reverts commit b6c0ec796e
.
2023-04-20 10:26:08 +05:30
PJ Fanning
b6c0ec796e
HADOOP-18687. Remove json-smart dependency. ( #5549 ). Contributed by PJ Fanning.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-04-20 00:47:22 +05:30
dependabot[bot]
f1936d29f1
HADOOP-18693. Bump derby from 10.10.2.0 to 10.14.2.0 in /hadoop-project ( #5427 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-13 10:25:17 -07:00
mjwiq
e45451f9c7
HADOOP-18687. hadoop-auth: remove unnecessary dependency on json-smart ( #5524 )
...
Contributed by Michiel de Jong
2023-04-06 16:00:33 +01:00
PJ Fanning
476340c699
HADOOP-18658. snakeyaml dependency: upgrade to v2.0 ( #5467 ). Contributed by PJ Fanning.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-03-13 10:08:04 +05:30
nao
734f7abfb8
HADOOP-18646. Upgrade Netty to 4.1.89.Final to fix CVE-2022-41881 ( #5435 )
...
This fixes CVE-2022-41881.
This also upgrades io.opencensus dependencies to 0.12.3
Contributed by Aleksandr Nikolaev
2023-03-10 15:27:22 +00:00
rohit-kb
487368c4b9
HADOOP-18655. Upgrade kerby to 2.0.3 due to CVE-2023-25613 ( #5458 )
...
Upgrade kerby to 2.0.3 due to the CVE https://nvd.nist.gov/vuln/detail/CVE-2023-25613
Contributed by Rohit Kumar Badeau
2023-03-08 15:31:03 +00:00
Steve Loughran
dcd9dc6983
HADOOP-18641. Cloud connector dependency and LICENSE fixup. ( #5429 )
...
POM and LICENSE fixup of transient dependencies
* Exclude hadoop-cloud-storage imports which come in with hadoop-common
* Add explicit import of hadoop's org.codehaus.jettison declaration
to hadoop-aliyun
* Tune aliyun jars imports
* Update LICENSE-binary for the current set of libraries.
Contributed by Steve Loughran
2023-02-28 10:48:54 +00:00
Steve Loughran
4067facae6
HADOOP-18470. Remove HDFS RBF text in the 3.3.5 index.md file
...
+ add a link to mukund's apachecon talk
Change-Id: I3d04b385ff1312aabf2a81d034f54f124d544a54
2023-02-23 13:23:35 +00:00
hchaverr
fb31393b65
HADOOP-18535. Implement token storage solution based on MySQL
...
Fixes #1240
Signed-off-by: Owen O'Malley <oomalley@linkedin.com>
2023-02-22 10:38:50 -08:00
nao
acf82d4d55
HADOOP-18622. Upgrade ant to 1.10.13 ( #5360 ). Contributed by Aleksandr Nikolaev.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2023-02-21 16:48:49 +05:30
Steve Loughran
d56977e909
HADOOP-18470. More in the 3.3.5 index.html about security ( #5383 )
...
Expands on the comments in cluster config to tell people
they shouldn't be running a cluster without a private VLAN
in cloud, that Knox is good here, and unsecured clusters
without a VLAN are just computation-as-a-service to crypto miners
Contributed by Steve Loughran
2023-02-14 17:22:59 +00:00
Viraj Jasani
90de1ff151
HADOOP-18206 Cleanup the commons-logging references and restrict its usage in future ( #5315 )
2023-02-14 03:24:06 +08:00
Viraj Jasani
4fcceff535
HADOOP-18620 Avoid using grizzly-http-* APIs ( #5356 )
2023-02-09 10:45:07 +08:00
Szilard Nemeth
b677d40ab5
HADOOP-18602. Remove netty3 dependency
2023-01-27 16:32:50 +01:00
Steve Loughran
970ebaeded
HADOOP-17717. Update wildfly openssl to 1.1.3.Final. ( #5310 )
...
Contributed by Wei-Chiu Chuang
2023-01-27 11:50:17 +00:00
PJ Fanning
b9eb760ed2
HADOOP-18587: upgrade to jettison 1.5.3 due to cve ( #5270 )
...
Signed-off-by: Chris Nauroth <cnauroth@apache.org>
2023-01-06 15:35:50 -08:00
Ayush Saxena
b93b1c69cc
HADOOP-18586. Update the year to 2023. ( #5265 ). Contributed by Ayush Saxena.
...
Reviewed-by: Takanobu Asanuma <tasanuma@apache.org>
2023-01-01 22:36:33 +05:30
Steve Loughran
52c72fafe4
HADOOP-18470. Update index md with section on ABFS prefetching
2022-12-19 13:04:26 +00:00
Steve Loughran
5f08e51b72
HADOOP-18561. Update commons-net to 3.9.0 ( #5214 )
...
Addresses CVE-2021-37533, which *only* relates to FTP.
Applications not using the ftp:// filesystem, which, as
anyone who has used it will know is very minimal and
so rarely used, is not a critical part of the project.
Furthermore, the FTP-related issue is at worst information leakage
if someone connects to a malicious server.
This is a due diligence PR rather than an emergency fix.
Contributed by Steve Loughran
2022-12-15 16:45:05 +00:00
Murali Krishna
2e88096266
HADOOP-18538. Upgrade kafka to 2.8.2 ( #5164 )
...
Signed-off-by: Brahma Reddy Battula <brahma@apache.org>
2022-12-06 22:27:46 +05:30
Steve Loughran
84b33b897c
HADOOP-18470. index.md update for 3.3.5 release
2022-12-05 16:13:24 +00:00
PJ Fanning
e09e81abe4
HADOOP-18496: remove unused okhttp.version ( #5140 ). Contributed by PJ Fanning.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2022-11-27 18:59:40 +05:30
PJ Fanning
d340c4a7a1
HADOOP-18496. Upgrade okhttp3 and dependencies due to kotlin CVEs ( #5035 )
...
Updates okhttp3 and okio so their transitive dependency on Kotlin
stdlib is free from recent CVEs.
okhttp3:okhttp => 4.10.0
okio:okio => 3.2.0
kotlin stdlib => 1.6.20
kotlin CVEs fixed:
CVE-2022-24329
CVE-2020-29582
Contributed by PJ Fanning.
2022-11-12 14:14:19 +00:00
Steve Vaughan
2ba982a061
MAPREDUCE-7386. Maven parallel builds (skipping tests) fail ( #4415 )
...
Contributed by Steve Vaughan Jr
2022-11-04 11:50:43 +00:00
Ashutosh Gupta
e62ba16a02
HADOOP-18484. Upgrade hsqldb to v2.7.1 to mitigate CVE-2022-41853 ( #4991 )
2022-11-02 08:41:27 +01:00
PJ Fanning
7ba304d1c6
HADOOP-18512: upgrade woodstox-core to 5.4.0 for security fix ( #5087 ). Contributed by PJ Fanning.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2022-11-02 00:11:41 +05:30
PJ Fanning
d6a65a4180
HADOOP-18472. Upgrade to snakeyaml 1.33 ( #4958 )
...
Reviewed-by: Dinesh Chitlangia <dineshc@apache.org>
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
2022-10-30 02:30:41 +09:00
Willi Raschkowski
c4aa41aa80
HADOOP-18500. Upgrade maven-shade-plugin to 3.3.0 ( #5045 )
...
Contributed by Willi Raschkowski
2022-10-20 18:47:33 +01:00
Hexiaoqiao
babb050fa3
HADOOP-18497. Upgrade commons-text version to fix CVE-2022-42889. ( #5037 ). Contributed by PJ Fanning.
...
Co-authored-by: He Xiaoqiao <hexiaoqiao@apache.org>
Reviewed-by: Ashutosh Gupta <ashugpt@amazon.com>
Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org>
2022-10-18 11:28:56 +08:00
PJ Fanning
4ff6c9b8de
HADOOP-18493: upgrade jackson-databind to 2.12.7.1 ( #5011 ). Contributed by PJ Fanning.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2022-10-17 10:03:10 +05:30
slfan1989
3ff8f58f8c
HADOOP-18360. Update commons-csv from 1.0 to 1.9.0. ( #4928 ). Contributed by fanshilun.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2022-10-13 12:10:54 +05:30
Steve Loughran
540a660429
HADOOP-18480. Upgrade aws sdk to 1.12.316 ( #4972 )
...
Contributed by Steve Loughran
2022-10-10 10:23:50 +01:00
PJ Fanning
5eddec8c46
HADOOP-18468: Upgrade jettison to 1.5.1 to fix CVE-2022-40149 ( #4937 )
...
Contributed by PJ Fanning
2022-10-07 15:44:01 +01:00