Skip to content

HDDS-10588. Bump hadoop-shaded-guava to 1.2.0 #6440

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
adoroszlai merged 3 commits into from
Mar 27, 2024
Merged

HDDS-10588. Bump hadoop-shaded-guava to 1.2.0 #6440

adoroszlai merged 3 commits into from
Mar 27, 2024

Conversation

@vtutrinov
Copy link
Contributor

@vtutrinov vtutrinov commented Mar 26, 2024

What changes were proposed in this pull request?

The current hadoop-shaded-guava (1.1.1) depends/built on guava-30.1.1 that has a CVE - https://nvd.nist.gov/vuln/detail/CVE-2023-2976. Upgrading the hadoop-shaded-guava up to 1.2.0 resolves the issue (depends on guava-32.0.1)

What is the link to the Apache JIRA

https://issues.apache.org/jira/browse/HDDS-10588

How was this patch tested?

Existing hadoop related robot tests

@adoroszlai adoroszlai added the dependencies Pull requests that update a dependency file label Mar 26, 2024
adoroszlai
adoroszlai reviewed Mar 26, 2024
View reviewed changes
Copy link
Contributor

@adoroszlai adoroszlai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @vtutrinov for the patch.

@adoroszlai adoroszlai changed the title HDDS-10588. set the hadoop-shaded-guava lib version up to 1.2.0 HDDS-10588. Bump hadoop-shaded-guava to 1.2.0 Mar 26, 2024
HDDS-10588. revert changes from ozonefs-hadoop3 (as non-required), ad…
545f529 
…d hadoop-shaded-guava to dependencyManagement section
adoroszlai
adoroszlai reviewed Mar 27, 2024
View reviewed changes
@adoroszlai adoroszlai merged commit 6822d53 into apache:master Mar 27, 2024
myskov pushed a commit to myskov/ozone that referenced this pull request Apr 4, 2024
@vtutrinov
HDDS-10588. Bump hadoop-shaded-guava to 1.2.0 (apache#6440)
f7430a5 
(cherry picked from commit 6822d53)
@myskov myskov mentioned this pull request Apr 4, 2024
Merged
jojochuang pushed a commit to jojochuang/ozone that referenced this pull request May 29, 2024
@vtutrinov
HDDS-10588. Bump hadoop-shaded-guava to 1.2.0 (apache#6440)
f1dc743 
(cherry picked from commit 6822d53)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adoroszlai adoroszlai adoroszlai approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vtutrinov @adoroszlai