+1 (binding) * verified signature and checksum of the source tarball. * built the source code on Rocky Linux 8 (x86_64) and OpenJDK 8 by `mvn install -DskipTests -Pnative -Pdist`. * launched pseudo distributed cluster with Kerberos security enabled and ran sample MR jobs. * launched HA enabled 3-nodes docker cluster and ran sample MR jobs. * launched pseudo distributed cluster and `spark-shell --master yarn` with spark-3.2.1-bin-without-hadoop and ran some tutorial code. * built site documentation by `mvn site site:stage -Preleasedocs` and skimmed the contents.
Thanks, Masatake Iwasaki On 2022/05/03 20:18, Steve Loughran wrote:
I have put together a release candidate (rc0) for Hadoop 3.3.3 The RC is available at: https://dist.apache.org/repos/dist/dev/hadoop/3.3.3-RC0/ The git tag is release-3.3.3-RC0, commit d37586cbda3 The maven artifacts are staged at https://repository.apache.org/content/repositories/orgapachehadoop-1348/ You can find my public key at: https://dist.apache.org/repos/dist/release/hadoop/common/KEYS Change log https://dist.apache.org/repos/dist/dev/hadoop/3.3.3-RC0/CHANGELOG.md Release notes https://dist.apache.org/repos/dist/dev/hadoop/3.3.3-RC0/RELEASENOTES.md There's a very small number of changes, primarily critical code/packaging issues and security fixes. - The critical fixes which shipped in the 3.2.3 release. - CVEs in our code and dependencies - Shaded client packaging issues. - A switch from log4j to reload4j reload4j is an active fork of the log4j 1.17 library with the classes which contain CVEs removed. Even though hadoop never used those classes, they regularly raised alerts on security scans and concen from users. Switching to the forked project allows us to ship a secure logging framework. It will complicate the builds of downstream maven/ivy/gradle projects which exclude our log4j artifacts, as they need to cut the new dependency instead/as well. See the release notes for details. This is my first release through the new docker build process, do please validate artifact signing &c to make sure it is good. I'll be trying builds of downstream projects. We know there are some outstanding issues with at least one library we are shipping (okhttp), but I don't want to hold this release up for it. If the docker based release process works smoothly enough we can do a followup security release in a few weeks. Please try the release and vote. The vote will run for 5 days. -Steve
--------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org
