You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by st...@apache.org on 2022/07/29 18:11:07 UTC
svn commit: r56036 [1/3] - /dev/hadoop/hadoop-3.3.4-RC1/
Author: stevel
Date: Fri Jul 29 18:11:07 2022
New Revision: 56036
Log:
HADOOP-18305. Hadoop 3.3.4 RC1
Added:
dev/hadoop/hadoop-3.3.4-RC1/
dev/hadoop/hadoop-3.3.4-RC1/CHANGELOG.md
dev/hadoop/hadoop-3.3.4-RC1/CHANGELOG.md.asc
dev/hadoop/hadoop-3.3.4-RC1/CHANGELOG.md.sha512
dev/hadoop/hadoop-3.3.4-RC1/RELEASENOTES.md
dev/hadoop/hadoop-3.3.4-RC1/RELEASENOTES.md.asc
dev/hadoop/hadoop-3.3.4-RC1/RELEASENOTES.md.sha512
dev/hadoop/hadoop-3.3.4-RC1/hadoop-3.3.4-rat.txt
dev/hadoop/hadoop-3.3.4-RC1/hadoop-3.3.4-rat.txt.asc
dev/hadoop/hadoop-3.3.4-RC1/hadoop-3.3.4-rat.txt.sha512
dev/hadoop/hadoop-3.3.4-RC1/hadoop-3.3.4-site.tar.gz (with props)
dev/hadoop/hadoop-3.3.4-RC1/hadoop-3.3.4-site.tar.gz.asc
dev/hadoop/hadoop-3.3.4-RC1/hadoop-3.3.4-site.tar.gz.sha512
dev/hadoop/hadoop-3.3.4-RC1/hadoop-3.3.4-src.tar.gz (with props)
dev/hadoop/hadoop-3.3.4-RC1/hadoop-3.3.4-src.tar.gz.asc
dev/hadoop/hadoop-3.3.4-RC1/hadoop-3.3.4-src.tar.gz.sha512
dev/hadoop/hadoop-3.3.4-RC1/hadoop-3.3.4.tar.gz (with props)
dev/hadoop/hadoop-3.3.4-RC1/hadoop-3.3.4.tar.gz.asc
dev/hadoop/hadoop-3.3.4-RC1/hadoop-3.3.4.tar.gz.sha512
Added: dev/hadoop/hadoop-3.3.4-RC1/CHANGELOG.md
==============================================================================
--- dev/hadoop/hadoop-3.3.4-RC1/CHANGELOG.md (added)
+++ dev/hadoop/hadoop-3.3.4-RC1/CHANGELOG.md Fri Jul 29 18:11:07 2022
@@ -0,0 +1,56 @@
+
+<!---
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-->
+# Apache Hadoop Changelog
+
+## Release 3.3.4 - 2022-07-29
+
+
+
+### IMPROVEMENTS:
+
+| JIRA | Summary | Priority | Component | Reporter | Contributor |
+|:---- |:---- | :--- |:---- |:---- |:---- |
+| [HADOOP-18044](https://issues.apache.org/jira/browse/HADOOP-18044) | Hadoop - Upgrade to JQuery 3.6.0 | Major | . | Yuan Luo | Yuan Luo |
+| [YARN-11195](https://issues.apache.org/jira/browse/YARN-11195) | Document how to configure NUMA in YARN | Major | documentation | Prabhu Joseph | Samrat Deb |
+| [HADOOP-18332](https://issues.apache.org/jira/browse/HADOOP-18332) | Remove rs-api dependency by downgrading jackson to 2.12.7 | Major | build | PJ Fanning | PJ Fanning |
+| [HADOOP-18354](https://issues.apache.org/jira/browse/HADOOP-18354) | Upgrade reload4j to 1.2.22 due to XXE vulnerability | Major | . | PJ Fanning | PJ Fanning |
+
+
+### BUG FIXES:
+
+| JIRA | Summary | Priority | Component | Reporter | Contributor |
+|:---- |:---- | :--- |:---- |:---- |:---- |
+| [HADOOP-18085](https://issues.apache.org/jira/browse/HADOOP-18085) | S3 SDK Upgrade causes AccessPoint ARN endpoint mistranslation | Major | fs/s3, test | Bogdan Stolojan | Bogdan Stolojan |
+| [YARN-11092](https://issues.apache.org/jira/browse/YARN-11092) | Upgrade jquery ui to 1.13.1 | Major | . | D M Murali Krishna Reddy | groot |
+| [HDFS-16453](https://issues.apache.org/jira/browse/HDFS-16453) | Upgrade okhttp from 2.7.5 to 4.9.3 | Major | hdfs-client | Ivan Viaznikov | groot |
+| [YARN-10974](https://issues.apache.org/jira/browse/YARN-10974) | CS UI: queue filter and openQueues param do not work as expected | Major | capacity scheduler | Chengbing Liu | Chengbing Liu |
+| [HADOOP-18237](https://issues.apache.org/jira/browse/HADOOP-18237) | Upgrade Apache Xerces Java to 2.12.2 | Major | build | groot | groot |
+| [HADOOP-18074](https://issues.apache.org/jira/browse/HADOOP-18074) | Partial/Incomplete groups list can be returned in LDAP groups lookup | Major | security | Philippe Lanoe | Larry McCay |
+| [HADOOP-18079](https://issues.apache.org/jira/browse/HADOOP-18079) | Upgrade Netty to 4.1.77.Final | Major | build | Renukaprasad C | Wei-Chiu Chuang |
+
+
+### SUB-TASKS:
+
+| JIRA | Summary | Priority | Component | Reporter | Contributor |
+|:---- |:---- | :--- |:---- |:---- |:---- |
+| [HADOOP-18068](https://issues.apache.org/jira/browse/HADOOP-18068) | Upgrade AWS SDK to 1.12.132 | Major | build, fs/s3 | Steve Loughran | Steve Loughran |
+| [HADOOP-18307](https://issues.apache.org/jira/browse/HADOOP-18307) | remove hadoop-cos as a dependency of hadoop-cloud-storage | Major | bulid, fs | Steve Loughran | Steve Loughran |
+| [HADOOP-18344](https://issues.apache.org/jira/browse/HADOOP-18344) | AWS SDK update to 1.12.262 to address jackson CVE-2018-7489 | Major | fs/s3 | Steve Loughran | Steve Loughran |
+
+
Added: dev/hadoop/hadoop-3.3.4-RC1/CHANGELOG.md.asc
==============================================================================
--- dev/hadoop/hadoop-3.3.4-RC1/CHANGELOG.md.asc (added)
+++ dev/hadoop/hadoop-3.3.4-RC1/CHANGELOG.md.asc Fri Jul 29 18:11:07 2022
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEOCN+5CUFAoUHfbV60iz4RtuxYqAFAmLj7SgACgkQ0iz4Rtux
+YqBBaA//Unka5kQHZEuLhSFPzRUcLIqokpU/cvcvwlVHyaPPJIozBEutUGT0rkpQ
+HEx5gXrn6xiPWgLQw8lR0JcKuXlu25Wfowqwth492oT20H3GG7VTcBD3A7dRq9jS
+2rSZkRbzUuwNnxXSqkVJ3jTEuQ7LeMAa+T1CfdiLF7M/o+A+9NACY7T294CwnBwm
+D4Pv18WWgQpZadeFWNUiOuRGMvy43kQyfIUnuP+M0/gOetpaUOmLKs7nRZ5dc77r
+Orf9JRQ9rh9CLTH8pOTBuQE30r+e+HunDlCPYwJnizgWcmRXtN+GmRDhS1wc6Blf
+t9rq75CfWaQL2lPL8KUHuMOyxp3y4imkZzS9rsiZtHRP7QBj04n493ulJOLiuR52
+RMaub4RrV9oa2/htHjn0qv3MX1/vTRyRTkxt/NpmhOJ9LahPHZ/pFfPevvmI/MVE
+VO4OQtz7kYk543Kje7oYO3Z/1nwyZT7SjrrRMHPnTd5lCA/3LKoTlmlhTAF/45yc
+Ase6aPVvK+5FNmqw60FyeARWhT53eKfZiDD4zdABoQVLONN76YL/k570rgyIruad
+c2ACIHTpRqiiFovLXaX6T80iZp2TrZB9mM0Q31G59NDHG1yFScDdaycovkKmZ3sj
+GYyGavoaGHcjgAtnkSeeN/Xn1/d+mIC88oYV3CinG34MHBdXKIc=
+=gqIG
+-----END PGP SIGNATURE-----
Added: dev/hadoop/hadoop-3.3.4-RC1/CHANGELOG.md.sha512
==============================================================================
--- dev/hadoop/hadoop-3.3.4-RC1/CHANGELOG.md.sha512 (added)
+++ dev/hadoop/hadoop-3.3.4-RC1/CHANGELOG.md.sha512 Fri Jul 29 18:11:07 2022
@@ -0,0 +1 @@
+SHA512 (CHANGELOG.md) = 917437777352592cfb19afe8ae94910014b4bbe84f6c5f7d13a11074d28b31c95a2a80b371600b17e1f3b6167abce30361207798772096851c07cb875386489b
Added: dev/hadoop/hadoop-3.3.4-RC1/RELEASENOTES.md
==============================================================================
--- dev/hadoop/hadoop-3.3.4-RC1/RELEASENOTES.md (added)
+++ dev/hadoop/hadoop-3.3.4-RC1/RELEASENOTES.md Fri Jul 29 18:11:07 2022
@@ -0,0 +1,66 @@
+
+<!---
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-->
+# Apache Hadoop 3.3.4 Release Notes
+
+These release notes cover new developer and user-facing incompatibilities, important issues, features, and major improvements.
+
+
+---
+
+* [HDFS-16453](https://issues.apache.org/jira/browse/HDFS-16453) | *Major* | **Upgrade okhttp from 2.7.5 to 4.9.3**
+
+okhttp has been updated to address CVE-2021-0341
+
+
+---
+
+* [HADOOP-18237](https://issues.apache.org/jira/browse/HADOOP-18237) | *Major* | **Upgrade Apache Xerces Java to 2.12.2**
+
+Apache Xerces has been updated to 2.12.2 to fix CVE-2022-23437
+
+
+---
+
+* [HADOOP-18307](https://issues.apache.org/jira/browse/HADOOP-18307) | *Major* | **remove hadoop-cos as a dependency of hadoop-cloud-storage**
+
+We have recently become aware that libraries which include a shaded apache httpclient libraries (hadoop-client-runtime.jar, aws-java-sdk-bundle.jar, gcs-connector-shaded.jar, cos\_api-bundle-5.6.19.jar) all load and use the unshaded resource mozilla/public-suffix-list.txt. If an out of date version of this is found on the classpath first, attempts to negotiate TLS connections may fail with the error "Certificate doesn't match any of the subject alternative names". This release does not declare the hadoop-cos library to be a dependency of the hadoop-cloud-storage POM, so applications depending on that module are no longer exposed to this issue. If an application requires use of the hadoop-cos module, please declare an explicit dependency.
+
+
+---
+
+* [HADOOP-18332](https://issues.apache.org/jira/browse/HADOOP-18332) | *Major* | **Remove rs-api dependency by downgrading jackson to 2.12.7**
+
+Downgrades Jackson from 2.13.2 to 2.12.7 to fix class conflicts in downstream projects. This version of jackson does contain the fix for CVE-2020-36518.
+
+
+---
+
+* [HADOOP-18079](https://issues.apache.org/jira/browse/HADOOP-18079) | *Major* | **Upgrade Netty to 4.1.77.Final**
+
+Netty has been updated to address CVE-2019-20444, CVE-2019-20445 and CVE-2022-24823
+
+
+---
+
+* [HADOOP-18344](https://issues.apache.org/jira/browse/HADOOP-18344) | *Major* | **AWS SDK update to 1.12.262 to address jackson CVE-2018-7489**
+
+The AWS SDK has been updated to 1.12.262 to address jackson CVE-2018-7489
+
+
+
Added: dev/hadoop/hadoop-3.3.4-RC1/RELEASENOTES.md.asc
==============================================================================
--- dev/hadoop/hadoop-3.3.4-RC1/RELEASENOTES.md.asc (added)
+++ dev/hadoop/hadoop-3.3.4-RC1/RELEASENOTES.md.asc Fri Jul 29 18:11:07 2022
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEOCN+5CUFAoUHfbV60iz4RtuxYqAFAmLj7TAACgkQ0iz4Rtux
+YqCk0Q//d3e7+7VaxKQG9u8k72AGlqr1dn4KZh31oqJBH+puo12R9sRuBHkYdy4q
+3q0up9sndNoLDrlueLkkQSiQI/TPIozF3imGy0scdlKHbJuvsoRqvqo3R3+RkU/1
+P3aj88S2L9kladdLkDwfcCGdSXAjwEg71KUQH27OhAfiEhqh0wToUC7mLNphcejS
+M6LTLBUTpLqndP5zA/OrVDdYdUu+EPPo+YJp0SwqjT977zmRT+v8PtKlcrTwOyrm
+GXFHlGKVQV8xIdnlxXsWP3lZv58y6DmUqA83Q7gtVgt6vUfPTe7aarLqngOI5D+X
+Abpqxtk5L9+6aFRdjhCj0lfv68rPDqyeIB//1Dt4N5JeCMHrlUVGBIbVC61B8TBV
+ONXtyQtbg4RHQNWk3nXsF4Ti40YvDyU7Vu3/BKJDP+XuJcUkG//Y2p8XfDI0Gymd
+DctQeEiYKG4gJBz02YfIvPlSyuUsQNPFyFJ7gOjszD7O0xpRgkgMbwXorZlpBEQT
+xfP03YToVgLuqNDH89D14MKw3sZhA5UpIx5gwoP4kgOr0OKgumRTVKCA5pLbzYiy
+VJyz2YrpOOwh9qAO3MwrgMfVZvxKmyh7kO7NjrrZN+X23z/Df1BQZDv1EA4SP/Bn
+hM1vt0xC7wUAuaT+QFVpjS5aAfM1t7mFUHB3ZV2ft0hlcDBJs+s=
+=TUwh
+-----END PGP SIGNATURE-----
Added: dev/hadoop/hadoop-3.3.4-RC1/RELEASENOTES.md.sha512
==============================================================================
--- dev/hadoop/hadoop-3.3.4-RC1/RELEASENOTES.md.sha512 (added)
+++ dev/hadoop/hadoop-3.3.4-RC1/RELEASENOTES.md.sha512 Fri Jul 29 18:11:07 2022
@@ -0,0 +1 @@
+SHA512 (RELEASENOTES.md) = d1c4e7e0082f4fd64d3ef1678cfe0219c037818e6b754c17adf97f6e0014bb9617f29787a972695260bcc05607e024b2c6b07eebf249712c51c8cfdc88daca9d
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org