HADOOP-13386 Upgrade avro version in Hadoop

[KalmanJantner]

No description provided.

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
0	reexec	30	Docker mode activated.
		_ Prechecks _
+1	@author	0	The patch does not contain any @author tags.
-1	test4tests	0	The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
		_ trunk Compile Tests _
0	mvndep	61	Maven dependency ordering for branch
+1	mvninstall	1020	trunk passed
+1	compile	976	trunk passed
+1	mvnsite	52	trunk passed
+1	shadedclient	2778	branch has no errors when building and testing our client artifacts.
+1	javadoc	47	trunk passed
		_ Patch Compile Tests _
0	mvndep	25	Maven dependency ordering for patch
+1	mvninstall	133	the patch passed
+1	compile	918	the patch passed
+1	javac	918	the patch passed
+1	mvnsite	63	the patch passed
+1	whitespace	0	The patch has no whitespace issues.
+1	xml	3	The patch has no ill-formed XML file.
+1	shadedclient	651	patch has no errors when building and testing our client artifacts.
+1	javadoc	46	the patch passed
		_ Other Tests _
+1	unit	20	hadoop-project in the patch passed.
+1	unit	36	hadoop-client-runtime in the patch passed.
+1	asflicense	49	The patch does not generate ASF License warnings.
		4981

Subsystem	Report/Notes
Docker	Client=17.05.0-ce Server=17.05.0-ce base: https://builds.apache.org/job/hadoop-multibranch/job/PR-761/1/artifact/out/Dockerfile
GITHUB PR	#761
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml
uname	Linux 8500e153291e 4.4.0-139-generic #165-Ubuntu SMP Wed Oct 24 10:58:50 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	personality/hadoop.sh
git revision	trunk / 8a95ea6
maven	version: Apache Maven 3.3.9
Default Java	1.8.0_191
Test Results	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/1/testReport/
Max. process+thread count	444 (vs. ulimit of 5500)
modules	C: hadoop-project hadoop-client-modules/hadoop-client-runtime U: .
Console output	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/1/console
Powered by	Apache Yetus 0.9.0 http://yetus.apache.org

This message was automatically generated.

[steveloughran]

why this? Should it be a separate PR from the avro update?

[steveloughran]

if we are going to move, move to 1.8.2

[steveloughran]

or better, 1.9.x

[Fokko]

If we upgrade to Avro 1.9.0, then xz isn't included as a dependency.

[steveloughran]

Based on @Fokko's input (them being an Avro author and all), I think we should upgrade to the 1.9.0 release and not need the exclusion.

[Fokko]

@KalmanJantner Gentle ping, are you still working on this?

[KalmanJantner]

@Fokko terribly sorry but I'm afraid I cannot allocate time to work on this. Could you please reassign this task to someone who can do the necessary changes?

[Fokko]

I've rebase #1007. It compiles locally, I'll work on the failing tests.

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
0	reexec	35	Docker mode activated.
		_ Prechecks _
+1	dupname	0	No case conflicting files found.
+1	@author	0	The patch does not contain any @author tags.
-1	test4tests	0	The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
		_ trunk Compile Tests _
0	mvndep	20	Maven dependency ordering for branch
+1	mvninstall	1050	trunk passed
+1	compile	1026	trunk passed
+1	mvnsite	56	trunk passed
+1	shadedclient	2805	branch has no errors when building and testing our client artifacts.
+1	javadoc	46	trunk passed
		_ Patch Compile Tests _
0	mvndep	27	Maven dependency ordering for patch
+1	mvninstall	130	the patch passed
+1	compile	1009	the patch passed
+1	javac	1009	the patch passed
+1	mvnsite	56	the patch passed
+1	whitespace	0	The patch has no whitespace issues.
+1	xml	6	The patch has no ill-formed XML file.
+1	shadedclient	648	patch has no errors when building and testing our client artifacts.
+1	javadoc	48	the patch passed
		_ Other Tests _
+1	unit	27	hadoop-project in the patch passed.
+1	unit	33	hadoop-client-runtime in the patch passed.
+1	asflicense	45	The patch does not generate ASF License warnings.
		5079

Subsystem	Report/Notes
Docker	Client=18.09.8 Server=18.09.8 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-761/2/artifact/out/Dockerfile
GITHUB PR	#761
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml
uname	Linux 2d3e20157e9c 4.4.0-138-generic #164-Ubuntu SMP Tue Oct 2 17:16:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	personality/hadoop.sh
git revision	trunk / 6282c02
Default Java	1.8.0_212
Test Results	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/2/testReport/
Max. process+thread count	412 (vs. ulimit of 5500)
modules	C: hadoop-project hadoop-client-modules/hadoop-client-runtime U: .
Console output	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/2/console
versions	git=2.7.4 maven=3.3.9
Powered by	Apache Yetus 0.10.0 http://yetus.apache.org

This message was automatically generated.

[Fokko]

I don't think I need to modify/add any tests, right?

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
0	reexec	41	Docker mode activated.
		_ Prechecks _
+1	dupname	0	No case conflicting files found.
+1	@author	0	The patch does not contain any @author tags.
-1	test4tests	0	The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
		_ trunk Compile Tests _
0	mvndep	22	Maven dependency ordering for branch
+1	mvninstall	1082	trunk passed
+1	compile	1089	trunk passed
+1	mvnsite	48	trunk passed
+1	shadedclient	2874	branch has no errors when building and testing our client artifacts.
+1	javadoc	45	trunk passed
		_ Patch Compile Tests _
0	mvndep	25	Maven dependency ordering for patch
+1	mvninstall	131	the patch passed
+1	compile	990	the patch passed
+1	javac	990	the patch passed
+1	mvnsite	53	the patch passed
+1	whitespace	0	The patch has no whitespace issues.
+1	xml	3	The patch has no ill-formed XML file.
+1	shadedclient	630	patch has no errors when building and testing our client artifacts.
+1	javadoc	45	the patch passed
		_ Other Tests _
+1	unit	22	hadoop-project in the patch passed.
+1	unit	23	hadoop-client-runtime in the patch passed.
+1	asflicense	42	The patch does not generate ASF License warnings.
		5077

Subsystem	Report/Notes
Docker	Client=19.03.1 Server=19.03.1 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-761/3/artifact/out/Dockerfile
GITHUB PR	#761
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml
uname	Linux 6f65d2089035 4.4.0-139-generic #165-Ubuntu SMP Wed Oct 24 10:58:50 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	personality/hadoop.sh
git revision	trunk / c0a0c35
Default Java	1.8.0_212
Test Results	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/3/testReport/
Max. process+thread count	447 (vs. ulimit of 5500)
modules	C: hadoop-project hadoop-client-modules/hadoop-client-runtime U: .
Console output	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/3/console
versions	git=2.7.4 maven=3.3.9
Powered by	Apache Yetus 0.10.0 http://yetus.apache.org

This message was automatically generated.

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
0	reexec	37	Docker mode activated.
		_ Prechecks _
+1	dupname	0	No case conflicting files found.
+1	@author	0	The patch does not contain any @author tags.
-1	test4tests	0	The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
		_ trunk Compile Tests _
0	mvndep	24	Maven dependency ordering for branch
+1	mvninstall	1204	trunk passed
+1	compile	1092	trunk passed
+1	mvnsite	54	trunk passed
+1	shadedclient	3105	branch has no errors when building and testing our client artifacts.
+1	javadoc	49	trunk passed
		_ Patch Compile Tests _
0	mvndep	28	Maven dependency ordering for patch
+1	mvninstall	162	the patch passed
+1	compile	1136	the patch passed
+1	javac	1136	the patch passed
+1	mvnsite	56	the patch passed
+1	whitespace	0	The patch has no whitespace issues.
+1	xml	3	The patch has no ill-formed XML file.
+1	shadedclient	729	patch has no errors when building and testing our client artifacts.
+1	javadoc	48	the patch passed
		_ Other Tests _
+1	unit	23	hadoop-project in the patch passed.
+1	unit	26	hadoop-client-runtime in the patch passed.
+1	asflicense	43	The patch does not generate ASF License warnings.
		5614

Subsystem	Report/Notes
Docker	Client=19.03.1 Server=19.03.1 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-761/4/artifact/out/Dockerfile
GITHUB PR	#761
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml
uname	Linux 24d7ac2138f7 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	personality/hadoop.sh
git revision	trunk / e20b195
Default Java	1.8.0_212
Test Results	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/4/testReport/
Max. process+thread count	322 (vs. ulimit of 5500)
modules	C: hadoop-project hadoop-client-modules/hadoop-client-runtime U: .
Console output	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/4/console
versions	git=2.7.4 maven=3.3.9
Powered by	Apache Yetus 0.10.0 http://yetus.apache.org

This message was automatically generated.

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
0	reexec	39	Docker mode activated.
		_ Prechecks _
+1	dupname	0	No case conflicting files found.
+1	@author	0	The patch does not contain any @author tags.
-1	test4tests	0	The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
		_ trunk Compile Tests _
0	mvndep	21	Maven dependency ordering for branch
+1	mvninstall	1054	trunk passed
+1	compile	1074	trunk passed
+1	mvnsite	45	trunk passed
+1	shadedclient	2840	branch has no errors when building and testing our client artifacts.
+1	javadoc	45	trunk passed
		_ Patch Compile Tests _
0	mvndep	21	Maven dependency ordering for patch
+1	mvninstall	124	the patch passed
+1	compile	1227	the patch passed
+1	javac	1227	the patch passed
+1	mvnsite	41	the patch passed
+1	whitespace	0	The patch has no whitespace issues.
+1	xml	3	The patch has no ill-formed XML file.
+1	shadedclient	615	patch has no errors when building and testing our client artifacts.
+1	javadoc	39	the patch passed
		_ Other Tests _
+1	unit	21	hadoop-project in the patch passed.
+1	unit	23	hadoop-client-runtime in the patch passed.
+1	asflicense	40	The patch does not generate ASF License warnings.
		5230

Subsystem	Report/Notes
Docker	Client=19.03.1 Server=19.03.1 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-761/5/artifact/out/Dockerfile
GITHUB PR	#761
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml
uname	Linux fd8fc986e34a 4.4.0-138-generic #164-Ubuntu SMP Tue Oct 2 17:16:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	personality/hadoop.sh
git revision	trunk / 70b4617
Default Java	1.8.0_222
Test Results	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/5/testReport/
Max. process+thread count	412 (vs. ulimit of 5500)
modules	C: hadoop-project hadoop-client-modules/hadoop-client-runtime U: .
Console output	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/5/console
versions	git=2.7.4 maven=3.3.9
Powered by	Apache Yetus 0.10.0 http://yetus.apache.org

This message was automatically generated.

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
0	reexec	43	Docker mode activated.
		_ Prechecks _
+1	dupname	0	No case conflicting files found.
+1	@author	0	The patch does not contain any @author tags.
-1	test4tests	0	The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
		_ trunk Compile Tests _
0	mvndep	22	Maven dependency ordering for branch
+1	mvninstall	1172	trunk passed
+1	compile	1084	trunk passed
+1	mvnsite	47	trunk passed
+1	shadedclient	2978	branch has no errors when building and testing our client artifacts.
+1	javadoc	41	trunk passed
		_ Patch Compile Tests _
0	mvndep	25	Maven dependency ordering for patch
+1	mvninstall	139	the patch passed
+1	compile	1035	the patch passed
+1	javac	1035	the patch passed
+1	mvnsite	47	the patch passed
+1	whitespace	0	The patch has no whitespace issues.
+1	xml	2	The patch has no ill-formed XML file.
+1	shadedclient	658	patch has no errors when building and testing our client artifacts.
+1	javadoc	39	the patch passed
		_ Other Tests _
+1	unit	19	hadoop-project in the patch passed.
+1	unit	21	hadoop-client-runtime in the patch passed.
+1	asflicense	42	The patch does not generate ASF License warnings.
		5241

Subsystem	Report/Notes
Docker	Client=19.03.1 Server=19.03.1 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-761/6/artifact/out/Dockerfile
GITHUB PR	#761
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml
uname	Linux 2473a1a9820c 4.4.0-138-generic #164-Ubuntu SMP Tue Oct 2 17:16:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	personality/hadoop.sh
git revision	trunk / 397a563
Default Java	1.8.0_212
Test Results	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/6/testReport/
Max. process+thread count	412 (vs. ulimit of 5500)
modules	C: hadoop-project hadoop-client-modules/hadoop-client-runtime U: .
Console output	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/6/console
versions	git=2.7.4 maven=3.3.9
Powered by	Apache Yetus 0.10.0 http://yetus.apache.org

This message was automatically generated.

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
0	reexec	96	Docker mode activated.
		_ Prechecks _
+1	dupname	0	No case conflicting files found.
+1	@author	0	The patch does not contain any @author tags.
-1	test4tests	0	The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
		_ trunk Compile Tests _
0	mvndep	24	Maven dependency ordering for branch
+1	mvninstall	1228	trunk passed
+1	compile	1207	trunk passed
+1	mvnsite	52	trunk passed
+1	shadedclient	3295	branch has no errors when building and testing our client artifacts.
+1	javadoc	49	trunk passed
		_ Patch Compile Tests _
0	mvndep	28	Maven dependency ordering for patch
+1	mvninstall	156	the patch passed
+1	compile	1075	the patch passed
+1	javac	1075	the patch passed
+1	mvnsite	58	the patch passed
+1	whitespace	0	The patch has no whitespace issues.
+1	xml	3	The patch has no ill-formed XML file.
+1	shadedclient	799	patch has no errors when building and testing our client artifacts.
+1	javadoc	53	the patch passed
		_ Other Tests _
+1	unit	25	hadoop-project in the patch passed.
+1	unit	29	hadoop-client-runtime in the patch passed.
+1	asflicense	59	The patch does not generate ASF License warnings.
		5906

Subsystem	Report/Notes
Docker	Client=19.03.0 Server=19.03.0 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-761/7/artifact/out/Dockerfile
GITHUB PR	#761
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml
uname	Linux d3538e54e6f6 4.15.0-52-generic #56-Ubuntu SMP Tue Jun 4 22:49:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	personality/hadoop.sh
git revision	trunk / e356e4f
Default Java	1.8.0_212
Test Results	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/7/testReport/
Max. process+thread count	308 (vs. ulimit of 5500)
modules	C: hadoop-project hadoop-client-modules/hadoop-client-runtime U: .
Console output	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/7/console
versions	git=2.7.4 maven=3.3.9
Powered by	Apache Yetus 0.10.0 http://yetus.apache.org

This message was automatically generated.

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
0	reexec	71	Docker mode activated.
		_ Prechecks _
+1	dupname	1	No case conflicting files found.
+1	@author	0	The patch does not contain any @author tags.
-1	test4tests	0	The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
		_ trunk Compile Tests _
0	mvndep	21	Maven dependency ordering for branch
+1	mvninstall	1093	trunk passed
+1	compile	1113	trunk passed
+1	mvnsite	43	trunk passed
+1	shadedclient	2900	branch has no errors when building and testing our client artifacts.
+1	javadoc	40	trunk passed
		_ Patch Compile Tests _
0	mvndep	24	Maven dependency ordering for patch
+1	mvninstall	130	the patch passed
+1	compile	1033	the patch passed
+1	javac	1033	the patch passed
+1	mvnsite	43	the patch passed
+1	whitespace	0	The patch has no whitespace issues.
+1	xml	2	The patch has no ill-formed XML file.
+1	shadedclient	626	patch has no errors when building and testing our client artifacts.
+1	javadoc	42	the patch passed
		_ Other Tests _
+1	unit	21	hadoop-project in the patch passed.
+1	unit	22	hadoop-client-runtime in the patch passed.
+1	asflicense	41	The patch does not generate ASF License warnings.
		5152

Subsystem	Report/Notes
Docker	Client=19.03.1 Server=19.03.1 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-761/8/artifact/out/Dockerfile
GITHUB PR	#761
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml
uname	Linux 30eb33d87ffe 4.4.0-138-generic #164-Ubuntu SMP Tue Oct 2 17:16:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	personality/hadoop.sh
git revision	trunk / 094d736
Default Java	1.8.0_222
Test Results	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/8/testReport/
Max. process+thread count	412 (vs. ulimit of 5500)
modules	C: hadoop-project hadoop-client-modules/hadoop-client-runtime U: .
Console output	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/8/console
versions	git=2.7.4 maven=3.3.9
Powered by	Apache Yetus 0.10.0 http://yetus.apache.org

This message was automatically generated.

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
0	reexec	40	Docker mode activated.
		_ Prechecks _
+1	dupname	0	No case conflicting files found.
+1	@author	0	The patch does not contain any @author tags.
-1	test4tests	0	The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
		_ trunk Compile Tests _
0	mvndep	24	Maven dependency ordering for branch
+1	mvninstall	1118	trunk passed
+1	compile	1031	trunk passed
+1	mvnsite	44	trunk passed
+1	shadedclient	2870	branch has no errors when building and testing our client artifacts.
+1	javadoc	41	trunk passed
		_ Patch Compile Tests _
0	mvndep	25	Maven dependency ordering for patch
+1	mvninstall	137	the patch passed
+1	compile	1060	the patch passed
+1	javac	1060	the patch passed
+1	mvnsite	41	the patch passed
+1	whitespace	0	The patch has no whitespace issues.
+1	xml	2	The patch has no ill-formed XML file.
+1	shadedclient	614	patch has no errors when building and testing our client artifacts.
+1	javadoc	41	the patch passed
		_ Other Tests _
+1	unit	20	hadoop-project in the patch passed.
+1	unit	20	hadoop-client-runtime in the patch passed.
+1	asflicense	40	The patch does not generate ASF License warnings.
		5099

Subsystem	Report/Notes
Docker	Client=19.03.1 Server=19.03.1 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-761/9/artifact/out/Dockerfile
GITHUB PR	#761
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml
uname	Linux ae365358eaa2 4.4.0-138-generic #164-Ubuntu SMP Tue Oct 2 17:16:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	personality/hadoop.sh
git revision	trunk / 69ddb36
Default Java	1.8.0_222
Test Results	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/9/testReport/
Max. process+thread count	445 (vs. ulimit of 5500)
modules	C: hadoop-project hadoop-client-modules/hadoop-client-runtime U: .
Console output	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/9/console
versions	git=2.7.4 maven=3.3.9
Powered by	Apache Yetus 0.10.0 http://yetus.apache.org

This message was automatically generated.

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
0	reexec	35	Docker mode activated.
		_ Prechecks _
+1	dupname	1	No case conflicting files found.
+1	@author	0	The patch does not contain any @author tags.
-1	test4tests	0	The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
		_ trunk Compile Tests _
0	mvndep	23	Maven dependency ordering for branch
+1	mvninstall	1186	trunk passed
+1	compile	1057	trunk passed
+1	mvnsite	49	trunk passed
+1	shadedclient	3075	branch has no errors when building and testing our client artifacts.
+1	javadoc	47	trunk passed
		_ Patch Compile Tests _
0	mvndep	23	Maven dependency ordering for patch
+1	mvninstall	148	the patch passed
+1	compile	1036	the patch passed
+1	javac	1036	the patch passed
+1	mvnsite	57	the patch passed
+1	whitespace	0	The patch has no whitespace issues.
+1	xml	3	The patch has no ill-formed XML file.
+1	shadedclient	752	patch has no errors when building and testing our client artifacts.
+1	javadoc	42	the patch passed
		_ Other Tests _
+1	unit	20	hadoop-project in the patch passed.
+1	unit	21	hadoop-client-runtime in the patch passed.
+1	asflicense	47	The patch does not generate ASF License warnings.
		5471

Subsystem	Report/Notes
Docker	Client=19.03.1 Server=19.03.1 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-761/10/artifact/out/Dockerfile
GITHUB PR	#761
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml
uname	Linux ecc4bcb50433 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	personality/hadoop.sh
git revision	trunk / 3329257
Default Java	1.8.0_222
Test Results	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/10/testReport/
Max. process+thread count	339 (vs. ulimit of 5500)
modules	C: hadoop-project hadoop-client-modules/hadoop-client-runtime U: .
Console output	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/10/console
versions	git=2.7.4 maven=3.3.9
Powered by	Apache Yetus 0.10.0 http://yetus.apache.org

This message was automatically generated.

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
0	reexec	81	Docker mode activated.
		_ Prechecks _
+1	dupname	0	No case conflicting files found.
+1	@author	0	The patch does not contain any @author tags.
-1	test4tests	0	The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
		_ trunk Compile Tests _
0	mvndep	22	Maven dependency ordering for branch
+1	mvninstall	1330	trunk passed
+1	compile	1176	trunk passed
+1	mvnsite	57	trunk passed
+1	shadedclient	3341	branch has no errors when building and testing our client artifacts.
+1	javadoc	53	trunk passed
		_ Patch Compile Tests _
0	mvndep	33	Maven dependency ordering for patch
+1	mvninstall	175	the patch passed
+1	compile	1107	the patch passed
+1	javac	1107	the patch passed
+1	mvnsite	57	the patch passed
+1	whitespace	1	The patch has no whitespace issues.
+1	xml	3	The patch has no ill-formed XML file.
+1	shadedclient	728	patch has no errors when building and testing our client artifacts.
+1	javadoc	43	the patch passed
		_ Other Tests _
+1	unit	20	hadoop-project in the patch passed.
+1	unit	24	hadoop-client-runtime in the patch passed.
+1	asflicense	49	The patch does not generate ASF License warnings.
		5884

Subsystem	Report/Notes
Docker	Client=19.03.1 Server=19.03.1 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-761/11/artifact/out/Dockerfile
GITHUB PR	#761
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml
uname	Linux b5275b5e9ae2 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	personality/hadoop.sh
git revision	trunk / 915cbc9
Default Java	1.8.0_222
Test Results	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/11/testReport/
Max. process+thread count	306 (vs. ulimit of 5500)
modules	C: hadoop-project hadoop-client-modules/hadoop-client-runtime U: .
Console output	https://builds.apache.org/job/hadoop-multibranch/job/PR-761/11/console
versions	git=2.7.4 maven=3.3.9
Powered by	Apache Yetus 0.10.0 http://yetus.apache.org

This message was automatically generated.

[aajisaka]

Now the latest avro version is 1.10.2. How it is going?

[VidhiBhansali]

Hi team,
The most recent version 3.3.4 of hadoop-common is using Avro version 1.7.7 which is using more than one vulnerable 3rd party packages and has about 6 CVEs - https://mvnrepository.com/artifact/org.apache.avro/avro/1.7.7

Is there any ongoing work to update the dependency to the latest clean version of Avro which is 1.11.1 ? If not can you please prioritize on updating the version to 1.11.0? We are using hadoop-common in our project and getting flagged for dependency on Avro version 1.7.7

[pjfanning]

@VidhiBhansali this PR is not maintained and is now out of date. There is a JIRA open - maybe you could watch that issue instead. https://issues.apache.org/jira/browse/HADOOP-18342 - that issue is not yet prioritised

[steveloughran]

If not can you please prioritize on updating the version to 1.11.0? We are using hadoop-common in our project and getting flagged for dependency on Avro version 1.7.7

this is a troublesome topic, one i wrote up recently and called out avro as an example

Yes, we could change the Avro release version by changing a single file in one of our POMS and cutting a new release.

However, this would break every single application with JARs which contained compiled classes generated buy a previous avro release. All of them. everywhere. Which means people would not touch it, which means that point releases needed to get our own CVEs fixed would not be adopted. Your concerns would go from "flagged as an issue" to "our program doesn't work"

If you want to do a release with all dependencies patched you are free to do so; within a single organisation may be able to
rebuild everything. If you are trying to provide Hadoop apps/libraries which need to be compatible at the binary level with code you can't control then I think it would be good for you to get involved in the hadoop project to help work with us on better solutions. For the case of Avro we are going to have to replicate what we do with parquet and guava; have our own private copy with all our generated Avro classes modified to refer exclusively to that.

This is not a be dismissive "yes we know", more a "yes, but how can we fix it?" response. if someone was to work full time on this, it would be great. but it will be work, which is why it's been neglected until now