Skip to content

HBASE-28943 Remove all jackson 1.x dependencies for hadoop-3 profile, since all jackson 1.x versions have vulnerabilities #6414

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
NihalJain merged 1 commit into from
Nov 6, 2024
Merged

HBASE-28943 Remove all jackson 1.x dependencies for hadoop-3 profile, since all jackson 1.x versions have vulnerabilities #6414

NihalJain merged 1 commit into from
Nov 6, 2024

Conversation

@NihalJain
Copy link
Contributor

@NihalJain NihalJain commented Oct 30, 2024

@NihalJain
HBASE-28943 Remove all jackson 1.x dependencies for hadoop-3 profile,…
ec72bad 
… since all jackson 1.x versions have vulnerabilities (apache#6405)

- Building hbase with hadoop-3 profile on branch-2, still requires jackson 1.x jars, which has vulnerabilities. Ideally these should not be needed as with HADOOP-13332 hadoop has already "Remove jackson 1.9.13 and switch all jackson code to 2.x code line" for branch-3.
- Also in HBASE-27148, where we worked on "Move minimum hadoop 3 support version to 3.2.3", where we had done a similar cleanup for branch-3; but somehow we missed to port the relevant changes to the branch-2 backport of same jira. This task is to take care of this so that we do not need jackson 1.x to build/run hbase with hadoop-3 profile on branch-2.x.

Signed-off-by: Duo Zhang <[email protected]>
Signed-off-by: Nick Dimiduk <[email protected]>
(cherry picked from commit 41621f0)
@NihalJain NihalJain added the backport This PR is a back port of some issue or issues already committed to master label Oct 30, 2024
@Apache-HBase
Copy link

Apache-HBase commented Oct 30, 2024

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 44s Docker mode activated.
-0 ⚠️ yetus 0m 5s Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
_ Prechecks _
_ branch-2.5 Compile Tests _
+0 🆗 mvndep 0m 10s Maven dependency ordering for branch
+1 💚 mvninstall 2m 52s branch-2.5 passed
+1 💚 compile 0m 58s branch-2.5 passed
+1 💚 javadoc 0m 46s branch-2.5 passed
+1 💚 shadedjars 4m 59s branch has no errors when building our shaded downstream artifacts.
_ Patch Compile Tests _
+0 🆗 mvndep 0m 18s Maven dependency ordering for patch
+1 💚 mvninstall 2m 44s the patch passed
+1 💚 compile 0m 58s the patch passed
+1 💚 javac 0m 58s the patch passed
+1 💚 javadoc 0m 46s the patch passed
+1 💚 shadedjars 5m 1s patch has no errors when building our shaded downstream artifacts.
_ Other Tests _
+1 💚 unit 0m 13s hbase-shaded-client-byo-hadoop in the patch passed.
+1 💚 unit 0m 15s hbase-shaded-mapreduce in the patch passed.
+1 💚 unit 0m 18s hbase-shaded-testing-util in the patch passed.
-1 ❌ unit 0m 25s /patch-unit-hbase-shaded_hbase-shaded-testing-util-tester.txt hbase-shaded-testing-util-tester in the patch failed.
23m 3s
Subsystem Report/Notes
Docker ClientAPI=1.47 ServerAPI=1.47 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile
GITHUB PR #6414
Optional Tests javac javadoc unit shadedjars compile
uname Linux 582f1a77bd98 5.4.0-195-generic #215-Ubuntu SMP Fri Aug 2 18:28:05 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision branch-2.5 / ec72bad
Default Java Eclipse Adoptium-11.0.23+9
Test Results https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/testReport/
Max. process+thread count 153 (vs. ulimit of 30000)
modules C: hbase-shaded/hbase-shaded-client-byo-hadoop hbase-shaded/hbase-shaded-mapreduce hbase-shaded/hbase-shaded-testing-util hbase-shaded/hbase-shaded-testing-util-tester U: hbase-shaded
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/console
versions git=2.34.1 maven=3.9.8
Powered by Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

@Apache-HBase
Copy link

Apache-HBase commented Oct 30, 2024

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 47s Docker mode activated.
-0 ⚠️ yetus 0m 6s Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
_ Prechecks _
_ branch-2.5 Compile Tests _
+0 🆗 mvndep 0m 9s Maven dependency ordering for branch
+1 💚 mvninstall 2m 52s branch-2.5 passed
+1 💚 compile 0m 58s branch-2.5 passed
+1 💚 javadoc 0m 45s branch-2.5 passed
+1 💚 shadedjars 5m 32s branch has no errors when building our shaded downstream artifacts.
_ Patch Compile Tests _
+0 🆗 mvndep 0m 16s Maven dependency ordering for patch
+1 💚 mvninstall 2m 44s the patch passed
+1 💚 compile 0m 56s the patch passed
+1 💚 javac 0m 56s the patch passed
+1 💚 javadoc 0m 44s the patch passed
+1 💚 shadedjars 4m 54s patch has no errors when building our shaded downstream artifacts.
_ Other Tests _
+1 💚 unit 0m 13s hbase-shaded-client-byo-hadoop in the patch passed.
+1 💚 unit 0m 16s hbase-shaded-mapreduce in the patch passed.
+1 💚 unit 0m 16s hbase-shaded-testing-util in the patch passed.
-1 ❌ unit 0m 24s /patch-unit-hbase-shaded_hbase-shaded-testing-util-tester.txt hbase-shaded-testing-util-tester in the patch failed.
23m 18s
Subsystem Report/Notes
Docker ClientAPI=1.47 ServerAPI=1.47 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/artifact/yetus-jdk17-hadoop3-check/output/Dockerfile
GITHUB PR #6414
Optional Tests javac javadoc unit shadedjars compile
uname Linux 0adc8097029d 5.4.0-195-generic #215-Ubuntu SMP Fri Aug 2 18:28:05 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision branch-2.5 / ec72bad
Default Java Eclipse Adoptium-17.0.11+9
Test Results https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/testReport/
Max. process+thread count 167 (vs. ulimit of 30000)
modules C: hbase-shaded/hbase-shaded-client-byo-hadoop hbase-shaded/hbase-shaded-mapreduce hbase-shaded/hbase-shaded-testing-util hbase-shaded/hbase-shaded-testing-util-tester U: hbase-shaded
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/console
versions git=2.34.1 maven=3.9.8
Powered by Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

@Apache-HBase
Copy link

Apache-HBase commented Oct 30, 2024

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 1m 21s Docker mode activated.
-0 ⚠️ yetus 0m 5s Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
_ Prechecks _
_ branch-2.5 Compile Tests _
+0 🆗 mvndep 0m 11s Maven dependency ordering for branch
+1 💚 mvninstall 2m 52s branch-2.5 passed
+1 💚 compile 1m 4s branch-2.5 passed
+1 💚 javadoc 0m 45s branch-2.5 passed
+1 💚 shadedjars 5m 24s branch has no errors when building our shaded downstream artifacts.
_ Patch Compile Tests _
+0 🆗 mvndep 0m 14s Maven dependency ordering for patch
+1 💚 mvninstall 2m 31s the patch passed
+1 💚 compile 0m 55s the patch passed
+1 💚 javac 0m 55s the patch passed
+1 💚 javadoc 0m 47s the patch passed
+1 💚 shadedjars 4m 58s patch has no errors when building our shaded downstream artifacts.
_ Other Tests _
+1 💚 unit 0m 12s hbase-shaded-client-byo-hadoop in the patch passed.
+1 💚 unit 0m 16s hbase-shaded-mapreduce in the patch passed.
+1 💚 unit 0m 19s hbase-shaded-testing-util in the patch passed.
-1 ❌ unit 0m 30s /patch-unit-hbase-shaded_hbase-shaded-testing-util-tester.txt hbase-shaded-testing-util-tester in the patch failed.
24m 2s
Subsystem Report/Notes
Docker ClientAPI=1.47 ServerAPI=1.47 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/artifact/yetus-jdk8-hadoop2-check/output/Dockerfile
GITHUB PR #6414
Optional Tests javac javadoc unit shadedjars compile
uname Linux cd61a7008568 5.4.0-195-generic #215-Ubuntu SMP Fri Aug 2 18:28:05 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision branch-2.5 / ec72bad
Default Java Temurin-1.8.0_412-b08
Test Results https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/testReport/
Max. process+thread count 135 (vs. ulimit of 30000)
modules C: hbase-shaded/hbase-shaded-client-byo-hadoop hbase-shaded/hbase-shaded-mapreduce hbase-shaded/hbase-shaded-testing-util hbase-shaded/hbase-shaded-testing-util-tester U: hbase-shaded
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/console
versions git=2.34.1 maven=3.9.8
Powered by Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

@NihalJain
Copy link
Contributor Author

NihalJain commented Oct 30, 2024

Verified that with this PR dependency:tree does not have jackson 1.x for hadoop-3 profile:

hbase %  grep  1.9.13  tree_with_HBASE-28943_branch-2.5.txt
hbase %

@Apache-HBase
Copy link

Apache-HBase commented Oct 30, 2024

🎊 +1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 43s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 0s codespell was not available.
+0 🆗 detsecrets 0m 0s detect-secrets was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
_ branch-2.5 Compile Tests _
+0 🆗 mvndep 0m 10s Maven dependency ordering for branch
+1 💚 mvninstall 3m 2s branch-2.5 passed
+1 💚 compile 0m 52s branch-2.5 passed
+1 💚 spotless 0m 45s branch has no errors when running spotless:check.
_ Patch Compile Tests _
+0 🆗 mvndep 0m 14s Maven dependency ordering for patch
+1 💚 mvninstall 2m 45s the patch passed
+1 💚 compile 0m 50s the patch passed
+1 💚 javac 0m 50s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
+1 💚 xmllint 0m 0s No new issues.
+1 💚 hadoopcheck 21m 10s Patch does not cause any errors with Hadoop 2.10.2 or 3.2.4 3.3.6 3.4.0.
+1 💚 spotless 0m 44s patch has no errors when running spotless:check.
_ Other Tests _
+1 💚 asflicense 0m 34s The patch does not generate ASF License warnings.
33m 42s
Subsystem Report/Notes
Docker ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/artifact/yetus-general-check/output/Dockerfile
GITHUB PR #6414
Optional Tests dupname asflicense javac codespell detsecrets xmllint hadoopcheck spotless compile
uname Linux 7429c1f3f50e 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision branch-2.5 / ec72bad
Default Java Eclipse Adoptium-11.0.23+9
Max. process+thread count 79 (vs. ulimit of 30000)
modules C: hbase-shaded/hbase-shaded-client-byo-hadoop hbase-shaded/hbase-shaded-mapreduce hbase-shaded/hbase-shaded-testing-util hbase-shaded/hbase-shaded-testing-util-tester U: hbase-shaded
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/console
versions git=2.34.1 maven=3.9.8 xmllint=20913
Powered by Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

@NihalJain
Copy link
Contributor Author

NihalJain commented Oct 30, 2024

hbase-shaded-testing-util-tester in the patch failed.

Not related to this change but is an existing issue. Need to raise bug for this. Ran with / without change the module fails to run tests

@NihalJain
Copy link
Contributor Author

NihalJain commented Oct 30, 2024

hbase-shaded-testing-util-tester in the patch failed.

Not related to this change but is an existing issue. Need to raise bug for this. Ran with / without change the module fails to run tests

Created https://issues.apache.org/jira/browse/HBASE-28944

@NihalJain
Copy link
Contributor Author

NihalJain commented Nov 4, 2024

Will merge this PR today as failures are not related and are handled with HBASE-28944!

@NihalJain NihalJain merged commit 25bce14 into apache:branch-2.5 Nov 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backport This PR is a back port of some issue or issues already committed to master

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@NihalJain @Apache-HBase