* HBASE-26523 Upgrade hbase-thirdparty dependency to 4.0.1 (#3988)
Signed-off-by: GeorryHuang <huangzhuoyue@apache.org>
* HBASE-25465 Use javac --release option for supporting cross version compilation (#4164)
Signed-off-by: Andrew Purtell <apurtell@apache.org>
* HBASE-26855 Delete unnecessary dependency on jaxb-runtime jar (#4236)
Signed-off-by: Duo Zhang <zhangduo@apache.org>
* spotless apply
Co-authored-by: Duo Zhang <zhangduo@apache.org>
Co-authored-by: Nick Dimiduk <ndimiduk@apache.org>
Signed-off-by: Andrew Purtell <apurtell@apache.org>
In org.apache.hadoop.hbase.http.SecurityHeadersFilter, marked
LimitedPrivate(CONFIG), static method getDefaultParameters(Configuration)
returning Map<String,String> was removed.
In org.apache.hadoop.hbase.filter.RandomRowFilter, marked Public, the
protected field 'random' of type java.util.Random was removed, which
might cause NoSuchFieldError exceptions in downstreamers.
Signed-off-by: Andrew Purtell <apurtell@apache.org>
Avoid the pattern where a Random object is allocated, used once or twice, and
then left for GC. This pattern triggers warnings from some static analysis tools
because this pattern leads to poor effective randomness. In a few cases we were
legitimately suffering from this issue; in others a change is still good to
reduce noise in analysis results.
Use ThreadLocalRandom where there is no requirement to set the seed to gain
good reuse.
Where useful relax use of SecureRandom to simply Random or ThreadLocalRandom,
which are unlikely to block if the system entropy pool is low, if we don't need
crypographically strong randomness for the use case. The exception to this is
normalization of use of Bytes#random to fill byte arrays with randomness.
Because Bytes#random may be used to generate key material it must be backed by
SecureRandom.
Signed-off-by: Duo Zhang <zhangduo@apache.org>
Revert "Preparing hbase release 2.4.10RC1; tagging and updates to CHANGES.md and RELEASENOTES.md"
This reverts commit 31a9beaf94.
This reverts commit 0dc107e15b.
This reverts commit a86548a257.
This reverts commit 27343174e7.
When starting a jetty http server, one can explicitly exclude certain (unsecure)
SSL cipher suites. This can be especially important, when the HBase cluster
needs to be compliant with security regulations (e.g. FIPS).
Currently it is possible to set the excluded ciphers for the ThriftServer
("hbase.thrift.ssl.exclude.cipher.suites") or for the RestServer
("hbase.rest.ssl.exclude.cipher.suites"), but one can not configure it for the
regular InfoServer started by e.g. the master or region servers.
In this commit I want to introduce a new configuration
"ssl.server.exclude.cipher.list" to configure the excluded cipher suites for the
http server started by the InfoServer. This parameter has the same name and will
work in the same way, as it was already implemented in hadoop (e.g. for hdfs/yarn).
See: HADOOP-12668, HADOOP-14341
Co-authored-by: Mate Szalay-Beko <symat@apache.com>
Signed-off-by: Peter Somogyi <psomogyi@apache.org>
bitterfox
Viraj Jasani
Duo Zhang
Andrew Purtell
Bri Augenreich
Andor Molnár
Bryan Beaudreault
Mate Szalay-Beko