I would like to get some dependencies upgraded for Hadoop 3.4.0. For me, it would be good to upgrade protobuf-java and Jackson to more secure versions.
For protobuf-java, that would involve releasing hadoop-thirdparty 1.2.0 [1], including merging the protobuf upgrade [2]. For Jackson, we are hampered by Jackson dropping support for Jersey/JAX-RS 1.x. I have a workaround for this that I think is worth further investigating [3]. [1] https://github.com/apache/hadoop-thirdparty [2] https://github.com/apache/hadoop-thirdparty/pull/19 [3] https://github.com/apache/hadoop/pull/6370 On 2024/01/04 14:26:37 slfan1989 wrote: > Hey all, > > We are planning to release Hadoop 3.4.0 base on trunk. I made some > preparations and changed the target version of JIRA for non-blockers in > HADOOP, HDFS, YARN, and MAPREDUCE from 3.4.0 to 3.5.0. If we want to create > a new JIRA, the target version can directly select version 3.5.0. > > If you have any thoughts, suggestions, or concerns, please feel free to > share them. > > Best Regards, > Shilun Fan. > > > +1 from me. > >> It will include the new AWS V2 SDK upgrade as well. > > > On Wed, Jan 3, 2024 at 6:35 AM Xiaoqiao He wrote: > > > > > > > I think the release discussion can be in public ML? > > > > Good idea. cc common-dev/hdfs-dev/yarn-dev/mapreduce-dev ML. > > > > Best Regards, > > - He Xiaoqiao > > > > On Tue, Jan 2, 2024 at 6:18 AM Ayush Saxena wrote: > > > > > +1 from me as well. > > > > > > We should definitely attempt to upgrade the thirdparty version for > > > 3.4.0 & check if there are any pending critical/blocker issues as > > > well. > > > > > > I think the release discussion can be in public ML? > > > > > > -Ayush > > > > > > On Mon, 1 Jan 2024 at 18:25, Steve Loughran <ste...@cloudera.com.invalid > > > > > > wrote: > > > > > > > > +1 from me > > > > > > > > ant and maven repo to build and validate things, including making arm > > > > binaries if you work from an arm macbook. > > > > https://github.com/steveloughran/validate-hadoop-client-artifacts > > > > > > > > do we need to publish an up to date thirdparty release for this? > > > > > > > > > > > > > > > > On Mon, 25 Dec 2023 at 16:06, slfan1989 wrote: > > > > > > > > > Dear PMC Members, > > > > > > > > > > First of all, Merry Christmas to everyone! > > > > > > > > > > In our community discussions, we collectively finalized the plan to > > > release > > > > > Hadoop 3.4.0 based on the current trunk branch. I am applying to > take > > > on > > > > > the responsibility for the initial release of version 3.4.0, and the > > > entire > > > > > process is set to officially commence in January 2024. > > > > > I have created a new JIRA: HADOOP-19018. Release 3.4.0. > > > > > > > > > > The specific work plan includes: > > > > > > > > > > 1. Following the guidance in the HowToRelease document, completing > > all > > > the > > > > > relevant tasks required for the release of version 3.4.0. > > > > > 2. Pointing the trunk branch to 3.5.0-SNAPSHOT. > > > > > 3. Currently, the Fix Versions of all tasks merged into trunk are > set > > > as > > > > > 3.4.0; I will move them to 3.5.0. > > > > > > > > > > Confirmed features to be included in the release: > > > > > > > > > > 1. Enhanced functionality for YARN Federation. > > > > > 2. Optimization of HDFS RBF. > > > > > 3. Introduction of fine-grained global locks for DataNodes. > > > > > 4. Improvements in the stability of HDFS EC, and more. > > > > > 5. Fixes for important CVEs. > > > > > > > > > > If you have any thoughts, suggestions, or concerns, please feel free > > to > > > > > share them. > > > > > > > > > > Looking forward to a successful release! > > > > > > > > > > Best Regards, > > > > > Shilun Fan. > > > > > > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org
