HDDS-10588. Bump hadoop-shaded-guava to 1.2.0 #6440

Merged

vtutrinov
Contributor

What changes were proposed in this pull request?

The current hadoop-shaded-guava (1.1.1) depends on (is built on) guava-30.1.1, which has a CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-2976. Upgrading hadoop-shaded-guava to 1.2.0 resolves the issue (it depends on guava-32.0.1).

What is the link to the Apache JIRA?

https://issues.apache.org/jira/browse/HDDS-10588

How was this patch tested?

Existing Hadoop-related robot tests

@adoroszlai adoroszlai added the dependencies Pull requests that update a dependency file label Mar 26, 2024
Contributor

@adoroszlai adoroszlai left a comment

Thanks @vtutrinov for the patch.

Review thread on hadoop-ozone/ozonefs-hadoop3/pom.xml (outdated, resolved)
Review thread on hadoop-hdds/hadoop-dependency-client/pom.xml (outdated, resolved)
@adoroszlai adoroszlai changed the title HDDS-10588. set the hadoop-shaded-guava lib version up to 1.2.0 HDDS-10588. Bump hadoop-shaded-guava to 1.2.0 Mar 26, 2024
…d hadoop-shaded-guava to dependencyManagement section
@adoroszlai adoroszlai merged commit 6822d53 into apache:master Mar 27, 2024
35 checks passed
myskov pushed a commit to myskov/ozone that referenced this pull request Apr 4, 2024
jojochuang pushed a commit to jojochuang/ozone that referenced this pull request May 29, 2024