Skip to content

HADOOP-18443. Upgrade snakeyaml to 1.32 #4874

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
aajisaka merged 2 commits into from
Sep 25, 2022
Merged

HADOOP-18443. Upgrade snakeyaml to 1.32 #4874

aajisaka merged 2 commits into from
Sep 25, 2022

Conversation

@hotcodemacha
Copy link
Contributor

@hotcodemacha hotcodemacha commented Sep 8, 2022
edited
Loading

Description of PR

Upgrade snakeyaml to 1.32 to mitigate CVE-2022-25857 and and CVE-2022-38752 for branch-3.2
JIRA - HADOOP-18443

For code changes:

  • Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
  • Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
  • If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

@hadoop-yetus
Copy link

hadoop-yetus commented Sep 8, 2022

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 11m 45s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 0s codespell was not available.
+0 🆗 detsecrets 0m 0s detect-secrets was not available.
+0 🆗 xmllint 0m 0s xmllint was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
-1 ❌ test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
_ branch-3.2 Compile Tests _
+1 💚 mvninstall 32m 53s branch-3.2 passed
+1 💚 compile 0m 24s branch-3.2 passed
+1 💚 mvnsite 0m 29s branch-3.2 passed
+1 💚 javadoc 0m 34s branch-3.2 passed
+1 💚 shadedclient 49m 11s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+1 💚 mvninstall 0m 16s the patch passed
+1 💚 compile 0m 14s the patch passed
+1 💚 javac 0m 14s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
+1 💚 mvnsite 0m 16s the patch passed
+1 💚 javadoc 0m 14s the patch passed
+1 💚 shadedclient 17m 5s patch has no errors when building and testing our client artifacts.
_ Other Tests _
+1 💚 unit 0m 18s hadoop-project in the patch passed.
+1 💚 asflicense 0m 38s The patch does not generate ASF License warnings.
81m 25s
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4874/1/artifact/out/Dockerfile
GITHUB PR #4874
Optional Tests dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint
uname Linux 0c221052cf2b 4.15.0-191-generic #202-Ubuntu SMP Thu Aug 4 01:49:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision branch-3.2 / 178bbe7
Default Java Private Build-1.8.0_342-8u342-b07-0ubuntu1~18.04-b07
Test Results https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4874/1/testReport/
Max. process+thread count 330 (vs. ulimit of 5500)
modules C: hadoop-project U: hadoop-project
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4874/1/console
versions git=2.17.1 maven=3.6.0
Powered by Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

@hotcodemacha hotcodemacha changed the title HADOOP-18443. Upgrade snakeyaml to 1.31 to mitigate CVE-2022-25857 Upgrade snakeyaml to 1.32 to mitigate CVE-2022-25857 and and CVE-2022-38752 Sep 19, 2022
@hotcodemacha hotcodemacha changed the title Upgrade snakeyaml to 1.32 to mitigate CVE-2022-25857 and and CVE-2022-38752 Upgrade snakeyaml to 1.32 Sep 19, 2022
@hadoop-yetus
Copy link

hadoop-yetus commented Sep 19, 2022

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 11m 33s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 0s codespell was not available.
+0 🆗 detsecrets 0m 0s detect-secrets was not available.
+0 🆗 xmllint 0m 0s xmllint was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
-1 ❌ test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
_ branch-3.2 Compile Tests _
+1 💚 mvninstall 33m 29s branch-3.2 passed
+1 💚 compile 0m 22s branch-3.2 passed
+1 💚 mvnsite 0m 28s branch-3.2 passed
+1 💚 javadoc 0m 34s branch-3.2 passed
+1 💚 shadedclient 49m 41s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+1 💚 mvninstall 0m 16s the patch passed
+1 💚 compile 0m 13s the patch passed
+1 💚 javac 0m 13s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
+1 💚 mvnsite 0m 16s the patch passed
+1 💚 javadoc 0m 14s the patch passed
+1 💚 shadedclient 16m 51s patch has no errors when building and testing our client artifacts.
_ Other Tests _
+1 💚 unit 0m 18s hadoop-project in the patch passed.
+1 💚 asflicense 0m 37s The patch does not generate ASF License warnings.
81m 12s
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4874/2/artifact/out/Dockerfile
GITHUB PR #4874
Optional Tests dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint
uname Linux a5326421c69f 4.15.0-191-generic #202-Ubuntu SMP Thu Aug 4 01:49:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision branch-3.2 / f0df9ae
Default Java Private Build-1.8.0_342-8u342-b07-0ubuntu1~18.04-b07
Test Results https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4874/2/testReport/
Max. process+thread count 306 (vs. ulimit of 5500)
modules C: hadoop-project U: hadoop-project
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4874/2/console
versions git=2.17.1 maven=3.6.0
Powered by Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

@hotcodemacha hotcodemacha mentioned this pull request Sep 23, 2022
Merged
4 tasks
@aajisaka aajisaka changed the title Upgrade snakeyaml to 1.32 HADOOP-18443. Upgrade snakeyaml to 1.32 Sep 25, 2022
@aajisaka aajisaka merged commit eb230d5 into apache:branch-3.2 Sep 25, 2022
jojochuang pushed a commit to jojochuang/hadoop that referenced this pull request May 23, 2023
@hotcodemacha @adoroszlai
CDPD-45376: HADOOP-18443. Upgrade snakeyaml to 1.32 (apache#4874)
29a4426 
Co-authored-by: Ashutosh Gupta <[email protected]>
Signed-off-by: Akira Ajisaka <[email protected]>
(cherry picked from commit eb230d5)
Change-Id: I36a1f56ee61642d91a6b152ed123179514f54935
(cherry picked from commit a2ec280003a240b713c41f4fb9f5287b5ae54f06)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aajisaka aajisaka aajisaka approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hotcodemacha @hadoop-yetus @aajisaka