PJ Fanning created HADOOP-19552:
---
Summary: upgrade jsonschema2pojo due to CVE-2025-3588
Key: HADOOP-19552
URL: https://issues.apache.org/jira/browse/HADOOP-19552
Project: Hadoop Common
Issue
[
https://issues.apache.org/jira/browse/HADOOP-19230?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
PJ Fanning resolved HADOOP-19230.
-
Resolution: Duplicate
> upgrade to jackson 2.1
PJ Fanning created HADOOP-19544:
---
Summary: upgrade to jackson 2.18
Key: HADOOP-19544
URL: https://issues.apache.org/jira/browse/HADOOP-19544
Project: Hadoop Common
Issue Type: Task
Due to the jar name change for protobuf that is merged but unreleased,
I think that 1.4.0 is better.
https://github.com/apache/hadoop-thirdparty/pull/38
Is there a reason to not use the pre-existing Avro PR which seems to
have the same changes?
https://github.com/apache/hadoop-thirdparty/pull/40
PJ Fanning created HADOOP-19465:
---
Summary: upgrade to netty 4.1.118 due to CVE-2025-24970
Key: HADOOP-19465
URL: https://issues.apache.org/jira/browse/HADOOP-19465
Project: Hadoop Common
Issue
Just one thing to note is that we recently removed or reduced the
okhttp3 dependency in Hadoop because the kotlin dependency brings in
big jars and more complicated management of transitive dependencies.
Would it be possible to consider using a lightweight HTTP client
instead? The built-in Java cli
PJ Fanning created HADOOP-19397:
---
Summary: update license details for Jersey 2
Key: HADOOP-19397
URL: https://issues.apache.org/jira/browse/HADOOP-19397
Project: Hadoop Common
Issue Type: Task
PJ Fanning created HADOOP-19383:
---
Summary: upgrade MIna 2.0.27 due to CVE-2024-52046
Key: HADOOP-19383
URL: https://issues.apache.org/jira/browse/HADOOP-19383
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-19335:
---
Summary: Bump netty to 4.1.115 due to CVE-2024-47535
Key: HADOOP-19335
URL: https://issues.apache.org/jira/browse/HADOOP-19335
Project: Hadoop Common
Issue
PJ Fanning created HADOOP-19289:
---
Summary: upgrade to protobuf-java 3.25.5 due to CVE-2024-7254
Key: HADOOP-19289
URL: https://issues.apache.org/jira/browse/HADOOP-19289
Project: Hadoop Common
PJ Fanning created HADOOP-19269:
---
Summary: Upgrade maven-shade-plugin to 3.6.0
Key: HADOOP-19269
URL: https://issues.apache.org/jira/browse/HADOOP-19269
Project: Hadoop Common
Issue Type: Task
PJ Fanning created HADOOP-19259:
---
Summary: upgrade to jackson 2.18.0
Key: HADOOP-19259
URL: https://issues.apache.org/jira/browse/HADOOP-19259
Project: Hadoop Common
Issue Type: Task
I think this is worth considering. I think it would require a minor
release like 3.5.0 as opposed to considering it for future 3.4.x patch
releases.
I tend to build locally with Java 11, by default and I haven't hit
major issues building Hadoop. There may be some gotcha somewhere but
it is likely t
PJ Fanning created HADOOP-19237:
---
Summary: upgrade dnsjava to 3.6.0 due to CVEs
Key: HADOOP-19237
URL: https://issues.apache.org/jira/browse/HADOOP-19237
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-19231:
---
Summary: add JacksonUtil to centralise some code
Key: HADOOP-19231
URL: https://issues.apache.org/jira/browse/HADOOP-19231
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-19230:
---
Summary: upgrade to jackson 2.14.3
Key: HADOOP-19230
URL: https://issues.apache.org/jira/browse/HADOOP-19230
Project: Hadoop Common
Issue Type: Task
PJ Fanning created HADOOP-19154:
---
Summary: upgrade bouncy castle to 1.78.1 due to CVEs
Key: HADOOP-19154
URL: https://issues.apache.org/jira/browse/HADOOP-19154
Project: Hadoop Common
Issue
PJ Fanning created HADOOP-19134:
---
Summary: use StringBuilder instead of StringBuffer
Key: HADOOP-19134
URL: https://issues.apache.org/jira/browse/HADOOP-19134
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-19123:
---
Summary: update commons-configuration2 to 2.10.1 due to CVE
Key: HADOOP-19123
URL: https://issues.apache.org/jira/browse/HADOOP-19123
Project: Hadoop Common
PJ Fanning created HADOOP-19116:
---
Summary: update to zookeeper client 3.8.4 due to CVE
Key: HADOOP-19116
URL: https://issues.apache.org/jira/browse/HADOOP-19116
Project: Hadoop Common
Issue
PJ Fanning created HADOOP-19115:
---
Summary: upgrade to nimbus-jose-jwt 9.37.2 due to CVE
Key: HADOOP-19115
URL: https://issues.apache.org/jira/browse/HADOOP-19115
Project: Hadoop Common
Issue
PJ Fanning created HADOOP-19114:
---
Summary: upgrade to commons-compress 1.26.1 due to cves
Key: HADOOP-19114
URL: https://issues.apache.org/jira/browse/HADOOP-19114
Project: Hadoop Common
Issue
CCing common-dev@hadoop.apache.org
On Thu, 29 Feb 2024 at 22:36, PJ Fanning wrote:
>
> There is an issue with the protobuf lib - described here [1]
>
> The idea would be to do a new hadoop-thirdparty release and uptake that.
>
> Related the hadoop-thirdparty uptake, I would li
PJ Fanning created HADOOP-19090:
---
Summary: Update Protocol Buffers installation to 3.23.4
Key: HADOOP-19090
URL: https://issues.apache.org/jira/browse/HADOOP-19090
Project: Hadoop Common
Issue
PJ Fanning created HADOOP-19088:
---
Summary: upgrade to jersey-json 1.22.0
Key: HADOOP-19088
URL: https://issues.apache.org/jira/browse/HADOOP-19088
Project: Hadoop Common
Issue Type: Bug
PJ Fanning created HADOOP-19081:
---
Summary: move ssh/sftp code out of hadoop-common into a dedicated
jar
Key: HADOOP-19081
URL: https://issues.apache.org/jira/browse/HADOOP-19081
Project: Hadoop Common
PJ Fanning created HADOOP-19079:
---
Summary: check that class that is loaded is really an exception
Key: HADOOP-19079
URL: https://issues.apache.org/jira/browse/HADOOP-19079
Project: Hadoop Common
PJ Fanning created HADOOP-19078:
---
Summary: reduce use of javax.ws.rs.core.MediaType
Key: HADOOP-19078
URL: https://issues.apache.org/jira/browse/HADOOP-19078
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-19077:
---
Summary: remove use of javax.ws.rs.core.HttpHeaders
Key: HADOOP-19077
URL: https://issues.apache.org/jira/browse/HADOOP-19077
Project: Hadoop Common
Issue
PJ Fanning created HADOOP-19076:
---
Summary: move jersey code in hadoop-common jar to a new
hadoop-jersey1-common jar
Key: HADOOP-19076
URL: https://issues.apache.org/jira/browse/HADOOP-19076
Project
+1 (non-binding)
* I validated the checksum and signature on the src tgz
* LICENSE/NOTICE present
* ASF headers
* no unexpected binaries
* can build using mvn
* tested the thirdparty protobuf jar in hadoop main build
Is the idea that there will be a Hadoop 3.4.0 RC2 that uses the thirdparty jars
PJ Fanning created HADOOP-19041:
---
Summary: further use of StandardCharsets
Key: HADOOP-19041
URL: https://issues.apache.org/jira/browse/HADOOP-19041
Project: Hadoop Common
Issue Type: Task
On 2024/01/04 15:53:43 PJ Fanning wrote:
> I would like to get some dependencies upgraded for Hadoop 3.4.0. For me, it
> would be good to upgrade protobuf-java and Jackson to more secure versions.
>
> For protobuf-java, that would involve releasing hadoop-thirdparty 1.2.0 [1],
> in
s/134#issuecomment-1180637522
On Thu, 4 Jan 2024 at 19:30, Steve Loughran wrote:
>
>
>
> On Thu, 4 Jan 2024 at 15:53, PJ Fanning wrote:
>>
>> I would like to get some dependencies upgraded for Hadoop 3.4.0. For me, it
>> would be good to upgrade protobuf-java
PJ Fanning created HADOOP-19024:
---
Summary: change to bouncy castle jdk1.8 jars
Key: HADOOP-19024
URL: https://issues.apache.org/jira/browse/HADOOP-19024
Project: Hadoop Common
Issue Type: Task
I would like to get some dependencies upgraded for Hadoop 3.4.0. For me, it
would be good to upgrade protobuf-java and Jackson to more secure versions.
For protobuf-java, that would involve releasing hadoop-thirdparty 1.2.0 [1],
including merging the protobuf upgrade [2].
For Jackson, we are ha
PJ Fanning created HADOOP-19014:
---
Summary: use jsr311-compat jar to allow us to use Jackson 2.14.3
Key: HADOOP-19014
URL: https://issues.apache.org/jira/browse/HADOOP-19014
Project: Hadoop Common
PJ Fanning created HADOOP-18957:
---
Summary: Use StandardCharsets.UTF_8 constant
Key: HADOOP-18957
URL: https://issues.apache.org/jira/browse/HADOOP-18957
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-18949:
---
Summary: upgrade maven dependency plugin due to security issue
Key: HADOOP-18949
URL: https://issues.apache.org/jira/browse/HADOOP-18949
Project: Hadoop Common
PJ Fanning created HADOOP-18936:
---
Summary: upgrade jetty to 9.4.53 due to CVEs
Key: HADOOP-18936
URL: https://issues.apache.org/jira/browse/HADOOP-18936
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-18924:
---
Summary: upgrade grpc jars to v1.53.0 due to CVEs
Key: HADOOP-18924
URL: https://issues.apache.org/jira/browse/HADOOP-18924
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-18921:
---
Summary: upgrade avro in hadoop-thirdparty to 1.11.3
Key: HADOOP-18921
URL: https://issues.apache.org/jira/browse/HADOOP-18921
Project: Hadoop Common
Issue
PJ Fanning created HADOOP-18917:
---
Summary: upgrade to commons-io 2.14.0
Key: HADOOP-18917
URL: https://issues.apache.org/jira/browse/HADOOP-18917
Project: Hadoop Common
Issue Type: Improvement
PJ Fanning created HADOOP-18916:
---
Summary: module-info classes from external dependencies appearing
in uber jars
Key: HADOOP-18916
URL: https://issues.apache.org/jira/browse/HADOOP-18916
Project
PJ Fanning created HADOOP-18912:
---
Summary: upgrade snappy-java to 1.1.10.4 due to CVE
Key: HADOOP-18912
URL: https://issues.apache.org/jira/browse/HADOOP-18912
Project: Hadoop Common
Issue
PJ Fanning created HADOOP-18895:
---
Summary: upgrade to commons-compress 1.24.0
Key: HADOOP-18895
URL: https://issues.apache.org/jira/browse/HADOOP-18895
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-18894:
---
Summary: upgrade sshd-core due to CVEs
Key: HADOOP-18894
URL: https://issues.apache.org/jira/browse/HADOOP-18894
Project: Hadoop Common
Issue Type: Bug
PJ Fanning created HADOOP-18890:
---
Summary: remove okhttp usage
Key: HADOOP-18890
URL: https://issues.apache.org/jira/browse/HADOOP-18890
Project: Hadoop Common
Issue Type: Bug
PJ Fanning created HADOOP-18783:
---
Summary: upgrade netty to 4.1.94 due to CVE
Key: HADOOP-18783
URL: https://issues.apache.org/jira/browse/HADOOP-18783
Project: Hadoop Common
Issue Type: Task
PJ Fanning created HADOOP-18782:
---
Summary: upgrade to snappy-java 1.1.10.1 due to CVEs
Key: HADOOP-18782
URL: https://issues.apache.org/jira/browse/HADOOP-18782
Project: Hadoop Common
Issue
[
https://issues.apache.org/jira/browse/HADOOP-18719?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
PJ Fanning resolved HADOOP-18719.
-
Resolution: Duplicate
> upgrade snakeyaml to 2.0 (fixes CVE-2022-1
PJ Fanning created HADOOP-18719:
---
Summary: upgrade snakeyaml to 2.0 (fixes CVE-2022-1471)
Key: HADOOP-18719
URL: https://issues.apache.org/jira/browse/HADOOP-18719
Project: Hadoop Common
Issue
PJ Fanning created HADOOP-18712:
---
Summary: upgrade to jetty 9.4.51 due to cve
Key: HADOOP-18712
URL: https://issues.apache.org/jira/browse/HADOOP-18712
Project: Hadoop Common
Issue Type: Task
PJ Fanning created HADOOP-18711:
---
Summary: upgrade nimbus jwt jar due to issues in its embedded
shaded json-smart code
Key: HADOOP-18711
URL: https://issues.apache.org/jira/browse/HADOOP-18711
Project
PJ Fanning created HADOOP-18693:
---
Summary: upgrade Apache Derby due to CVEs
Key: HADOOP-18693
URL: https://issues.apache.org/jira/browse/HADOOP-18693
Project: Hadoop Common
Issue Type: Task
PJ Fanning created HADOOP-18658:
---
Summary: snakeyaml dependency: upgrade to v2.0
Key: HADOOP-18658
URL: https://issues.apache.org/jira/browse/HADOOP-18658
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-18619:
---
Summary: replace jsr311-api dependency with rs-api
Key: HADOOP-18619
URL: https://issues.apache.org/jira/browse/HADOOP-18619
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-18587:
---
Summary: upgrade to jettison 1.5.2 due to security issue
Key: HADOOP-18587
URL: https://issues.apache.org/jira/browse/HADOOP-18587
Project: Hadoop Common
PJ Fanning created HADOOP-18575:
---
Summary: make transformer factory creation more lenient
Key: HADOOP-18575
URL: https://issues.apache.org/jira/browse/HADOOP-18575
Project: Hadoop Common
Issue
PJ Fanning created HADOOP-18496:
---
Summary: upgrade kotlin-stdlib due to CVEs
Key: HADOOP-18496
URL: https://issues.apache.org/jira/browse/HADOOP-18496
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-18493:
---
Summary: uptake jackson-databind 2.12.7.1 due to CVE fixes
Key: HADOOP-18493
URL: https://issues.apache.org/jira/browse/HADOOP-18493
Project: Hadoop Common
PJ Fanning created HADOOP-18492:
---
Summary: upgrade commons-text to 1.10.0
Key: HADOOP-18492
URL: https://issues.apache.org/jira/browse/HADOOP-18492
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-18484:
---
Summary: upgrade hsqldb to v2.7.1 due to CVE
Key: HADOOP-18484
URL: https://issues.apache.org/jira/browse/HADOOP-18484
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-18472:
---
Summary: Upgrade to snakeyaml 1.33
Key: HADOOP-18472
URL: https://issues.apache.org/jira/browse/HADOOP-18472
Project: Hadoop Common
Issue Type: Improvement
PJ Fanning created HADOOP-18469:
---
Summary: Add an XMLUtils class to centralise code that creates
secure XML parsers
Key: HADOOP-18469
URL: https://issues.apache.org/jira/browse/HADOOP-18469
Project
PJ Fanning created HADOOP-18468:
---
Summary: upgrade jettison json jar due to security issue
Key: HADOOP-18468
URL: https://issues.apache.org/jira/browse/HADOOP-18468
Project: Hadoop Common
PJ Fanning created HADOOP-18441:
---
Summary: remove
org.apache.hadoop.maven.plugin.shade.resource.ServicesResourceTransformer
Key: HADOOP-18441
URL: https://issues.apache.org/jira/browse/HADOOP-18441
PJ Fanning created HADOOP-18354:
---
Summary: upgrade reload4j due to XXE vulnerability
Key: HADOOP-18354
URL: https://issues.apache.org/jira/browse/HADOOP-18354
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-18343:
---
Summary: upgrade to jetty 9.4.47 due to CVE
Key: HADOOP-18343
URL: https://issues.apache.org/jira/browse/HADOOP-18343
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-18342:
---
Summary: Upgrade to Avro 1.11.0
Key: HADOOP-18342
URL: https://issues.apache.org/jira/browse/HADOOP-18342
Project: Hadoop Common
Issue Type: Improvement
PJ Fanning created HADOOP-18341:
---
Summary: upgrade to commons-configuration2 2.8.0
Key: HADOOP-18341
URL: https://issues.apache.org/jira/browse/HADOOP-18341
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-18332:
---
Summary: remove jsr311-api dependency
Key: HADOOP-18332
URL: https://issues.apache.org/jira/browse/HADOOP-18332
Project: Hadoop Common
Issue Type: Improvement
PJ Fanning created HADOOP-18195:
---
Summary: make jackson v1 a runtime scope dependency
Key: HADOOP-18195
URL: https://issues.apache.org/jira/browse/HADOOP-18195
Project: Hadoop Common
Issue
PJ Fanning created HADOOP-18180:
---
Summary: Remove use of scala jar twitter util-core
Key: HADOOP-18180
URL: https://issues.apache.org/jira/browse/HADOOP-18180
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-18178:
---
Summary: upgrade jackson-databind to 2.13.2.1 due to cve
Key: HADOOP-18178
URL: https://issues.apache.org/jira/browse/HADOOP-18178
Project: Hadoop Common
PJ Fanning created HADOOP-18165:
---
Summary: hadoop-yarn-ui has a number of insecure dependencies
Key: HADOOP-18165
URL: https://issues.apache.org/jira/browse/HADOOP-18165
Project: Hadoop Common
PJ Fanning created HADOOP-18126:
---
Summary: junit-vintage tests seem to be failing
Key: HADOOP-18126
URL: https://issues.apache.org/jira/browse/HADOOP-18126
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-15804:
---
Summary: upgrade to commons-compress 1.18
Key: HADOOP-15804
URL: https://issues.apache.org/jira/browse/HADOOP-15804
Project: Hadoop Common
Issue Type
PJ Fanning created HADOOP-15064:
---
Summary: hadoop-common 3.0.0-beta1 exposes a dependency on
slf4j-log4j12
Key: HADOOP-15064
URL: https://issues.apache.org/jira/browse/HADOOP-15064
Project: Hadoop
PJ Fanning created HADOOP-15054:
---
Summary: upgrade hadoop-auth dependency on commons-codec to 1.11
Key: HADOOP-15054
URL: https://issues.apache.org/jira/browse/HADOOP-15054
Project: Hadoop Common
PJ Fanning created HADOOP-13332:
---
Summary: Remove jackson 1.9.13 and switch all jackson code to 2.x
code line
Key: HADOOP-13332
URL: https://issues.apache.org/jira/browse/HADOOP-13332
Project: Hadoop
81 matches
Mail list logo
