Wei-Chiu Chuang
0c12873487
HADOOP-18079. Upgrade Netty to 4.1.77. ( #3977 ) ( #4592 )
...
Upgrade netty to address
CVE-2019-20444,
CVE-2019-20445
CVE-2022-24823
Contributed by Wei-Chiu Chuang
(cherry picked from commit a55ace7bc0
)
2022-07-27 03:10:20 +08:00
PJ Fanning
36cb8a6a2b
HADOOP-18354. Upgrade reload4j to 1.22.2 due to XXE vulnerability ( #4607 ). Contributed by PJ Fanning.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2022-07-24 16:01:47 +05:30
PJ Fanning
6733ba56b8
HADOOP-18332. Remove rs-api dependency by downgrading jackson to 2.12.7. ( #4552 )
...
This downgrades jackson from the version switched to in
HADOOP-18033 (2.13.0), to Jackson 2.12.7.
This removes the dependency on javax.ws.rs-api,
so avoiding runtime problems with applications using
jersey-core v1 and/or jsr311-api.
The 2.12.7 release still contains the fix for CVE-2020-36518.
Contributed by PJ Fanning
2022-07-16 18:18:52 +01:00
Igor Dvorzhak
d41e0a9cc3
HADOOP-18300. Upgrade Gson dependency to version 2.9.0 ( #4454 )
...
Reviewed-by: Ayush Saxena <ayushsaxena@apache.org>
Signed-off-by: Chris Nauroth <cnauroth@apache.org>
(cherry picked from commit 77d1b194c7
)
2022-06-22 23:42:59 +00:00
Ashutosh Gupta
57fe613299
HDFS-16453. Upgrade okhttp from 2.7.5 to 4.9.3 ( #4229 )
...
Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com>
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
(cherry picked from commit fb910bd906
)
Conflicts:
hadoop-project/pom.xml
2022-05-21 03:17:15 +09:00
Akira Ajisaka
603367c54f
HADOOP-18178. Upgrade jackson to 2.13.2 and jackson-databind to 2.13.2.2 ( #4147 )
...
(cherry picked from commit 4b786c797a
)
Conflicts:
LICENSE-binary
Co-authored-by: PJ Fanning <pjfanning@users.noreply.github.com>
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
2022-04-11 14:58:28 +09:00
Masatake Iwasaki
160b6d106d
HADOOP-18088. Replace log4j 1.x with reload4j. ( #4052 )
...
Co-authored-by: Wei-Chiu Chuang <weichiu@apache.org>
2022-04-07 08:33:13 +09:00
luoyuan3471
752a7b6d49
HADOOP-18044. Hadoop - Upgrade to jQuery 3.6.0 ( #3791 )
...
Co-authored-by: luoyuan <luoyuan@shopee.com>
(cherry picked from commit e2d620192a
)
2022-02-11 23:18:25 +08:00
Renukaprasad C
3bb4a09295
HADOOP-17946. Upgrade commons-lang to 3.12.0 ( #3575 )
...
(cherry picked from commit b923fa7a1c
)
2021-11-16 22:59:25 +08:00
Takanobu Asanuma
f00ab40b4d
HADOOP-17940. Upgrade Kafka to 2.8.1 ( #3488 )
...
Reviewed-by: Masatake Iwasaki <iwasakims@apache.org>
(cherry picked from commit 2068b0041c
)
2021-09-28 13:31:53 +09:00
Siyao Meng
226f94b4fc
HADOOP-17834. Bump aliyun-sdk-oss to 3.13.0 ( #3261 )
...
Change-Id: I335d4a2cb08c75dc24ef36bdfab51111f87e0762
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
(cherry picked from commit 3aaac8a1f6
)
2021-08-16 00:32:05 +09:00
Renukaprasad C
5b566c3914
HADOOP-17844. Upgrade JSON smart to 2.4.7 ( #3299 )
...
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
(cherry picked from commit b90389ae98
)
Conflicts:
LICENSE-binary
2021-08-14 20:00:38 +09:00
Akira Ajisaka
025ecf42be
HADOOP-17370. Upgrade commons-compress to 1.21 ( #3274 )
...
(cherry picked from commit 3565c9477d
)
2021-08-08 11:25:26 +09:00
Ahmed Hussein
22e7567475
HADOOP-17769. Upgrade JUnit to 4.13.2. fixes TestBlockRecovery ( #3130 ). Contributed by Ahmed Hussein. ( #3138 )
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
(cherry picked from commit 581f43dce1
)
2021-06-25 22:48:56 +05:30
Takanobu Asanuma
d8689f1a08
Revert "HADOOP-17563. Update Bouncy Castle to 1.68. ( #2740 )" ( #3055 )
...
This reverts commit 0774116756
.
Reviewed-by: Wei-Chiu Chuang <weichiu@apache.org>
Reviewed-by: Akira Ajisaka <aajisaka@apache.org>
(cherry picked from commit 53ff2dfed3
)
2021-05-27 13:17:24 +09:00
Wei-Chiu Chuang
526dbe4716
HADOOP-17666. Update LICENSE for 3.3.1 ( #3011 )
...
* Inspected the jar files in the produced tarball and updated LICENSE-binary accordingly.
* add LICENSE from hadoop-thirdparty jars.
* remove any dependencies no longer in the tarball.
* Updated the license of thirdparty javascripts and C/C++ files.
Added LICENSE-asio.txt, copied from hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/third_party/asio-1.10.2/COPYING
Added LICENSE-gmock.txt, copied from hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/third_party/gmock-1.7.0/LICENSE
Added LICENSE-rapidxml.txt, copied from hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/third_party/rapidxml-1.13/rapidxml/license.txt
Added LICENSE-uriparser2.txt, copied from hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/third_party/uriparser2/uriparser2/uriparser/COPYING
Added LICENSE-tr2.txt, copied from the header of hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/third_party/uriparser2/uriparser2/tr2/optional.hpp
Added LICENSE-cJSON.txt, moved from the bottom of LICENSE.txt
* Generated license report for yarn-managed packages.
* Add LICENSE and NOTICES file of jaxb-api.
* Exclude LICENSE-binary-{yarn-applications-catalog-webapp|yarn-ui} from rat report.
These two files are autogenerated.
2021-05-21 18:15:48 -07:00
Aryan Gupta
28079e9c30
HADOOP-17283. Hadoop - Upgrade to jQuery 3.5.1 ( #2330 )
...
Signed-off-by: Takanobu Asanuma <tasanuma@apache.org>
(cherry picked from commit 486ddb73f9
)
2021-05-13 12:16:17 +08:00
dependabot[bot]
b2897fdd66
HADOOP-17683. Update commons-io to 2.8.0 ( #2974 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Akira Ajisaka <aajisaka@apache.org>
Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org>
(cherry picked from commit 29105ffb63
)
2021-05-12 10:58:39 +09:00
Viraj Jasani
49f6326a9f
HADOOP-17633. Bump json-smart to 2.4.2 and nimbus-jose-jwt to 9.8 due to CVEs ( #2895 ). Contributed by Viraj Jasani.
...
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
2021-04-16 12:41:06 +05:30
Ayush Saxena
28e89509a3
HADOOP-17586. Upgrade org.codehaus.woodstox:stax2-api to 4.2.1. ( #2769 ). Contributed by Ayush Saxena.
...
Signed-off-by: Mingliang Liu <liuml07@apache.org>
2021-03-13 15:10:27 +05:30
Takanobu Asanuma
e607d03995
HADOOP-17563. Update Bouncy Castle to 1.68. ( #2740 )
...
(cherry picked from commit 0774116756
)
2021-03-05 22:59:09 +09:00
Steve Loughran
e4bc64cce0
HADOOP-17343. Upgrade AWS SDK to 1.11.901 ( #2468 )
...
Contributed by Steve Loughran.
2020-11-23 14:09:14 +00:00
Akira Ajisaka
6b54f259e7
HADOOP-17049. javax.activation-api and jakarta.activation-api define overlapping classes ( #2027 )
...
* Removed javax.activation-api from dependency
(cherry picked from commit 52b21de1d8
)
2020-05-22 11:20:16 +09:00
Wei-Chiu Chuang
dda00d3ff5
YARN-10074. Update netty to 4.1.42Final in yarn-csi. Contributed by Wei-Chiu Chuang. ( #1807 )
2020-02-25 13:47:52 +09:00
Akira Ajisaka
d6d7f8d8c5
YARN-8374. Upgrade objenesis to 2.6 ( #1798 )
2020-02-19 09:50:37 +09:00
Akira Ajisaka
a40dc9ee31
HADOOP-15993. Upgrade Kafka to 2.4.0 in hadoop-kafka module. ( #1796 )
2020-01-09 16:24:58 +09:00
Zhankun Tang
12722ab0c7
YARN-10042. Upgrade grpc-xxx depdencies to 1.26.0. Contributed by Sheng Liu.
2019-12-20 11:10:27 +08:00
Yi Sheng
1843c4688a
HADOOP-16555. Update commons-compress to 1.19. ( #1425 ) Contributed by YiSheng Lien.
2019-09-14 02:11:04 +08:00
Akira Ajisaka
567091aa9b
HADOOP-15958. Revisiting LICENSE and NOTICE files.
...
This closes #1307
Reviewed-by: Masatake Iwasaki <iwasakims@apache.org>
2019-08-27 13:47:12 +09:00