From 01e91adb680e558253afe2f0f5db027ce3fc224f Mon Sep 17 00:00:00 2001
From: Slava Tutrinov <vyacheslav.tutrinov@wandisco.com>
Date: Mon, 4 Mar 2024 12:18:43 +0300
Subject: [PATCH 1/2] HDDS-10459. replace snappy-java:1.1.8.2 with
 snappy-java:1.1.10.5 for hadoop-common (CVE fix)

---
 hadoop-hdds/hadoop-dependency-client/pom.xml | 9 +++++++++
 hadoop-hdds/hadoop-dependency-server/pom.xml | 9 +++++++++
 2 files changed, 18 insertions(+)

diff --git a/hadoop-hdds/hadoop-dependency-client/pom.xml b/hadoop-hdds/hadoop-dependency-client/pom.xml
index d2a8372bdd17..23d69ab2343b 100644
--- a/hadoop-hdds/hadoop-dependency-client/pom.xml
+++ b/hadoop-hdds/hadoop-dependency-client/pom.xml
@@ -43,6 +43,10 @@ https://maven.apache.org/xsd/maven-4.0.0.xsd">
       <artifactId>hadoop-common</artifactId>
       <version>${hadoop.version}</version>
       <exclusions>
+        <exclusion>
+          <groupId>org.xerial.snappy</groupId>
+          <artifactId>snappy-java</artifactId>
+        </exclusion>
         <exclusion>
           <groupId>org.apache.hadoop</groupId>
           <artifactId>hadoop-annotations</artifactId>
@@ -290,5 +294,10 @@ https://maven.apache.org/xsd/maven-4.0.0.xsd">
         </exclusion>
       </exclusions>
     </dependency>
+    <dependency>
+      <groupId>org.xerial.snappy</groupId>
+      <artifactId>snappy-java</artifactId>
+      <version>1.1.10.5</version>
+    </dependency>
   </dependencies>
 </project>
diff --git a/hadoop-hdds/hadoop-dependency-server/pom.xml b/hadoop-hdds/hadoop-dependency-server/pom.xml
index feaf3de5a11a..816eb9f5ac6c 100644
--- a/hadoop-hdds/hadoop-dependency-server/pom.xml
+++ b/hadoop-hdds/hadoop-dependency-server/pom.xml
@@ -43,6 +43,10 @@ https://maven.apache.org/xsd/maven-4.0.0.xsd">
       <artifactId>hadoop-common</artifactId>
       <version>${hadoop.version}</version>
       <exclusions>
+        <exclusion>
+          <groupId>org.xerial.snappy</groupId>
+          <artifactId>snappy-java</artifactId>
+        </exclusion>
         <exclusion>
           <groupId>org.apache.curator</groupId>
           <artifactId>*</artifactId>
@@ -138,5 +142,10 @@ https://maven.apache.org/xsd/maven-4.0.0.xsd">
         </exclusion>
       </exclusions>
     </dependency>
+    <dependency>
+      <groupId>org.xerial.snappy</groupId>
+      <artifactId>snappy-java</artifactId>
+      <version>1.1.10.5</version>
+    </dependency>
   </dependencies>
 </project>

From 3076e11e8c09e9464b5e13c043e4f2bb5cbfb17d Mon Sep 17 00:00:00 2001
From: Slava Tutrinov <vyacheslav.tutrinov@wandisco.com>
Date: Mon, 4 Mar 2024 14:03:46 +0300
Subject: [PATCH 2/2] HDDS-10459. move the snappy-java's dependency version to
 the root pom.xml

---
 hadoop-hdds/hadoop-dependency-client/pom.xml | 1 -
 hadoop-hdds/hadoop-dependency-server/pom.xml | 1 -
 pom.xml                                      | 6 ++++++
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/hadoop-hdds/hadoop-dependency-client/pom.xml b/hadoop-hdds/hadoop-dependency-client/pom.xml
index 23d69ab2343b..f29232090fdf 100644
--- a/hadoop-hdds/hadoop-dependency-client/pom.xml
+++ b/hadoop-hdds/hadoop-dependency-client/pom.xml
@@ -297,7 +297,6 @@ https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <dependency>
       <groupId>org.xerial.snappy</groupId>
       <artifactId>snappy-java</artifactId>
-      <version>1.1.10.5</version>
     </dependency>
   </dependencies>
 </project>
diff --git a/hadoop-hdds/hadoop-dependency-server/pom.xml b/hadoop-hdds/hadoop-dependency-server/pom.xml
index 816eb9f5ac6c..82e4c33325e2 100644
--- a/hadoop-hdds/hadoop-dependency-server/pom.xml
+++ b/hadoop-hdds/hadoop-dependency-server/pom.xml
@@ -145,7 +145,6 @@ https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <dependency>
       <groupId>org.xerial.snappy</groupId>
       <artifactId>snappy-java</artifactId>
-      <version>1.1.10.5</version>
     </dependency>
   </dependencies>
 </project>
diff --git a/pom.xml b/pom.xml
index 4de8939083a0..898b675893a3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -306,6 +306,7 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs
     <native.lib.tmp.dir></native.lib.tmp.dir>
     <properties.maven.plugin.version>1.2.1</properties.maven.plugin.version>
     <maven.core.version>3.9.6</maven.core.version>
+    <snappy-java.version>1.1.10.5</snappy-java.version>
   </properties>
 
   <dependencyManagement>
@@ -1548,6 +1549,11 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs
         <artifactId>mockito-inline</artifactId>
         <version>${mockito.version}</version>
       </dependency>
+      <dependency>
+        <groupId>org.xerial.snappy</groupId>
+        <artifactId>snappy-java</artifactId>
+        <version>${snappy-java.version}</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>