[jira] [Created] (HADOOP-19154) upgrade bouncy castle to 1.78.1 due to CVEs

2024-04-19 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-19154: --- Summary: upgrade bouncy castle to 1.78.1 due to CVEs Key: HADOOP-19154 URL: https://issues.apache.org/jira/browse/HADOOP-19154 Project: Hadoop Common Issue

[jira] [Created] (HADOOP-19134) use StringBuilder instead of StringBuffer

2024-03-30 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-19134: --- Summary: use StringBuilder instead of StringBuffer Key: HADOOP-19134 URL: https://issues.apache.org/jira/browse/HADOOP-19134 Project: Hadoop Common Issue

[jira] [Commented] (HADOOP-19116) update to zookeeper client 3.8.4 due to CVE-2024-23944

2024-03-25 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-19116?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17830731#comment-17830731 ] PJ Fanning commented on HADOOP-19116: - [~ste...@apache.org] I created

[jira] [Created] (HADOOP-19123) update commons-configuration2 to 2.10.1 due to CVE

2024-03-23 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-19123: --- Summary: update commons-configuration2 to 2.10.1 due to CVE Key: HADOOP-19123 URL: https://issues.apache.org/jira/browse/HADOOP-19123 Project: Hadoop Common

[jira] [Created] (HADOOP-19116) update to zookeeper client 3.8.4 due to CVE

2024-03-18 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-19116: --- Summary: update to zookeeper client 3.8.4 due to CVE Key: HADOOP-19116 URL: https://issues.apache.org/jira/browse/HADOOP-19116 Project: Hadoop Common Issue

[jira] [Created] (HADOOP-19115) upgrade to nimbus-jose-jwt 9.37.2 due to CVE

2024-03-18 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-19115: --- Summary: upgrade to nimbus-jose-jwt 9.37.2 due to CVE Key: HADOOP-19115 URL: https://issues.apache.org/jira/browse/HADOOP-19115 Project: Hadoop Common Issue

[jira] [Created] (HADOOP-19114) upgrade to commons-compress 1.26.1 due to cves

2024-03-18 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-19114: --- Summary: upgrade to commons-compress 1.26.1 due to cves Key: HADOOP-19114 URL: https://issues.apache.org/jira/browse/HADOOP-19114 Project: Hadoop Common Issue

[jira] [Commented] (HADOOP-19090) Update Protocol Buffers installation to 3.23.4

2024-02-29 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-19090?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17822242#comment-17822242 ] PJ Fanning commented on HADOOP-19090: - I think we'll need a new release to avoid that bytebuffer

[jira] [Commented] (HADOOP-18197) Update protobuf 3.7.1 to a version without CVE-2021-22569

2024-02-27 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17821186#comment-17821186 ] PJ Fanning commented on HADOOP-18197: - I have https://github.com/apache/hadoop-thirdparty/pull/34

[jira] [Created] (HADOOP-19090) Update Protocol Buffers installation to 3.23.4

2024-02-26 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-19090: --- Summary: Update Protocol Buffers installation to 3.23.4 Key: HADOOP-19090 URL: https://issues.apache.org/jira/browse/HADOOP-19090 Project: Hadoop Common Issue

[jira] [Commented] (HADOOP-18197) Update protobuf 3.7.1 to a version without CVE-2021-22569

2024-02-26 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17820707#comment-17820707 ] PJ Fanning commented on HADOOP-18197: - The fix only seems to be in protobuf-java 3.23 and above -

[jira] [Created] (HADOOP-19088) upgrade to jersey-json 1.22.0

2024-02-24 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-19088: --- Summary: upgrade to jersey-json 1.22.0 Key: HADOOP-19088 URL: https://issues.apache.org/jira/browse/HADOOP-19088 Project: Hadoop Common Issue Type: Bug

[jira] [Updated] (HADOOP-19081) move ssh/sftp code out of hadoop-common into a dedicated jar

2024-02-16 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-19081?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-19081: Description: We could call it hadoop-ssh-common. This code is only used in 1 or 2 other places

[jira] [Created] (HADOOP-19081) move ssh/sftp code out of hadoop-common into a dedicated jar

2024-02-16 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-19081: --- Summary: move ssh/sftp code out of hadoop-common into a dedicated jar Key: HADOOP-19081 URL: https://issues.apache.org/jira/browse/HADOOP-19081 Project: Hadoop Common

[jira] [Updated] (HADOOP-19079) check that class that is loaded is really an exception

2024-02-15 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-19079?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-19079: Description: It can be dangerous taking class names as inputs from HTTP messages even if we

[jira] [Created] (HADOOP-19079) check that class that is loaded is really an exception

2024-02-15 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-19079: --- Summary: check that class that is loaded is really an exception Key: HADOOP-19079 URL: https://issues.apache.org/jira/browse/HADOOP-19079 Project: Hadoop Common

[jira] [Created] (HADOOP-19078) reduce use of javax.ws.rs.core.MediaType

2024-02-15 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-19078: --- Summary: reduce use of javax.ws.rs.core.MediaType Key: HADOOP-19078 URL: https://issues.apache.org/jira/browse/HADOOP-19078 Project: Hadoop Common Issue Type:

[jira] [Updated] (HADOOP-19076) move jersey code in hadoop-common jar to a new hadoop-jersey1-common jar

2024-02-15 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-19076?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-19076: Description: Hadoop's Jersey dependencies are causing us real trouble. I'm wondering if it

[jira] [Commented] (HADOOP-19076) move jersey code in hadoop-common jar to a new hadoop-jersey1-common jar

2024-02-15 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-19076?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17817730#comment-17817730 ] PJ Fanning commented on HADOOP-19076: - Thanks [~ste...@apache.org], the idea would be to have 1 jar

[jira] [Commented] (HADOOP-19076) move jersey code in hadoop-common jar to a new hadoop-jersey1-common jar

2024-02-15 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-19076?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17817696#comment-17817696 ] PJ Fanning commented on HADOOP-19076: - Thanks [~slfan1989] for the background on Jersey 3. What do

[jira] [Created] (HADOOP-19077) remove use of javax.ws.rs.core.HttpHeaders

2024-02-15 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-19077: --- Summary: remove use of javax.ws.rs.core.HttpHeaders Key: HADOOP-19077 URL: https://issues.apache.org/jira/browse/HADOOP-19077 Project: Hadoop Common Issue

[jira] [Created] (HADOOP-19076) move jersey code in hadoop-common jar to a new hadoop-jersey1-common jar

2024-02-15 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-19076: --- Summary: move jersey code in hadoop-common jar to a new hadoop-jersey1-common jar Key: HADOOP-19076 URL: https://issues.apache.org/jira/browse/HADOOP-19076 Project:

[jira] [Commented] (HADOOP-15984) Update jersey from 1.19 to 2.x

2024-02-14 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-15984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17817496#comment-17817496 ] PJ Fanning commented on HADOOP-15984: - It does look like we have some client side Jersey code too.

[jira] [Commented] (HADOOP-15984) Update jersey from 1.19 to 2.x

2024-02-14 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-15984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17817492#comment-17817492 ] PJ Fanning commented on HADOOP-15984: - I don't understand why, for instance, hadoop-common exposes

[jira] [Commented] (HADOOP-15984) Update jersey from 1.19 to 2.x

2024-02-14 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-15984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17817480#comment-17817480 ] PJ Fanning commented on HADOOP-15984: - the jersey dependencies should only be exposed on the small

[jira] [Commented] (HADOOP-15984) Update jersey from 1.19 to 2.x

2024-02-13 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-15984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816897#comment-17816897 ] PJ Fanning commented on HADOOP-15984: - Jersey 1 uses jsr311 jar and Jersey2 uses rs-api jar. These

[jira] [Commented] (HADOOP-18895) upgrade to commons-compress 1.24.0 due to CVE

2024-01-16 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17807140#comment-17807140 ] PJ Fanning commented on HADOOP-18895: - [~slfan1989] this was not reverted - it is still fixed in

[jira] [Created] (HADOOP-19041) further use of StandardCharsets

2024-01-14 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-19041: --- Summary: further use of StandardCharsets Key: HADOOP-19041 URL: https://issues.apache.org/jira/browse/HADOOP-19041 Project: Hadoop Common Issue Type: Task

[jira] [Created] (HADOOP-19024) change to bouncy castle jdk1.8 jars

2024-01-04 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-19024: --- Summary: change to bouncy castle jdk1.8 jars Key: HADOOP-19024 URL: https://issues.apache.org/jira/browse/HADOOP-19024 Project: Hadoop Common Issue Type: Task

[jira] [Created] (HADOOP-19014) use jsr311-compat jar to allow us to use Jackson 2.14.3

2023-12-19 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-19014: --- Summary: use jsr311-compat jar to allow us to use Jackson 2.14.3 Key: HADOOP-19014 URL: https://issues.apache.org/jira/browse/HADOOP-19014 Project: Hadoop Common

[jira] [Commented] (HADOOP-18936) Upgrade to jetty 9.4.53

2023-10-30 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18936?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17781027#comment-17781027 ] PJ Fanning commented on HADOOP-18936: - [~coheigea] [~ayushtkn] I created

[jira] [Updated] (HADOOP-18957) Use StandardCharsets.UTF_8 constant

2023-10-27 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-18957: Description: * there are some places in the code that have to check for

[jira] [Created] (HADOOP-18957) Use StandardCharsets.UTF_8 constant

2023-10-27 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18957: --- Summary: Use StandardCharsets.UTF_8 constant Key: HADOOP-18957 URL: https://issues.apache.org/jira/browse/HADOOP-18957 Project: Hadoop Common Issue Type:

[jira] [Created] (HADOOP-18949) upgrade maven dependency plugin due to security issue

2023-10-23 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18949: --- Summary: upgrade maven dependency plugin due to security issue Key: HADOOP-18949 URL: https://issues.apache.org/jira/browse/HADOOP-18949 Project: Hadoop Common

[jira] [Commented] (HADOOP-18359) Update commons-cli from 1.2 to 1.5.

2023-10-19 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1299#comment-1299 ] PJ Fanning commented on HADOOP-18359: - [~coheigea] I have not been involved with this issue. I am

[jira] [Updated] (HADOOP-18936) upgrade jetty to 9.4.53 due to CVEs

2023-10-12 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18936?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-18936: Description: 2 CVE fixes in

[jira] [Created] (HADOOP-18936) upgrade jetty to 9.4.53 due to CVEs

2023-10-12 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18936: --- Summary: upgrade jetty to 9.4.53 due to CVEs Key: HADOOP-18936 URL: https://issues.apache.org/jira/browse/HADOOP-18936 Project: Hadoop Common Issue Type:

[jira] [Created] (HADOOP-18933) upgrade netty to 4.1.100 due to CVE

2023-10-11 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18933: --- Summary: upgrade netty to 4.1.100 due to CVE Key: HADOOP-18933 URL: https://issues.apache.org/jira/browse/HADOOP-18933 Project: Hadoop Common Issue Type:

[jira] [Commented] (HADOOP-18929) Build failure while trying to create apache 3.3.7 release locally.

2023-10-10 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17773818#comment-17773818 ] PJ Fanning commented on HADOOP-18929: - https://github.com/apache/hadoop/pull/6169 > Build failure

[jira] [Commented] (HADOOP-18929) Build failure while trying to create apache 3.3.7 release locally.

2023-10-10 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17773810#comment-17773810 ] PJ Fanning commented on HADOOP-18929: - It looks like commons-compress 1.24.0 is the 1st

[jira] [Created] (HADOOP-18924) upgrade grpc jars to v1.53.0 due to CVEs

2023-10-09 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18924: --- Summary: upgrade grpc jars to v1.53.0 due to CVEs Key: HADOOP-18924 URL: https://issues.apache.org/jira/browse/HADOOP-18924 Project: Hadoop Common Issue Type:

[jira] [Created] (HADOOP-18921) upgrade avro in hadoop-thirdparty to 1.11.3

2023-10-04 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18921: --- Summary: upgrade avro in hadoop-thirdparty to 1.11.3 Key: HADOOP-18921 URL: https://issues.apache.org/jira/browse/HADOOP-18921 Project: Hadoop Common Issue

[jira] [Created] (HADOOP-18917) upgrade to commons-io 2.14.0

2023-09-30 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18917: --- Summary: upgrade to commons-io 2.14.0 Key: HADOOP-18917 URL: https://issues.apache.org/jira/browse/HADOOP-18917 Project: Hadoop Common Issue Type: Improvement

[jira] [Updated] (HADOOP-18916) module-info classes from external dependencies appearing in uber jars

2023-09-30 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18916?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-18916: Description: hadoop-client-minicluster and hadoop-client-runtime try unsuccessfully to exclude

[jira] [Created] (HADOOP-18916) module-info classes from external dependencies appearing in uber jars

2023-09-30 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18916: --- Summary: module-info classes from external dependencies appearing in uber jars Key: HADOOP-18916 URL: https://issues.apache.org/jira/browse/HADOOP-18916 Project:

[jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172

2023-09-30 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-17225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17770690#comment-17770690 ] PJ Fanning commented on HADOOP-17225: - This can probably be closed because latest hadoop 3.3

[jira] [Created] (HADOOP-18912) upgrade snappy-java to 1.1.10.4 due to CVE

2023-09-25 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18912: --- Summary: upgrade snappy-java to 1.1.10.4 due to CVE Key: HADOOP-18912 URL: https://issues.apache.org/jira/browse/HADOOP-18912 Project: Hadoop Common Issue

[jira] [Updated] (HADOOP-18895) upgrade to commons-compress 1.24.0 due to CVE

2023-09-14 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-18895: Description: Includes some important bug fixes including

[jira] [Updated] (HADOOP-18895) upgrade to commons-compress 1.24.0 due to CVE

2023-09-14 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-18895: Description: Includes some important bug fixes including

[jira] [Updated] (HADOOP-18895) upgrade to commons-compress 1.24.0 due to CVE

2023-09-14 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-18895: Summary: upgrade to commons-compress 1.24.0 due to CVE (was: upgrade to commons-compress

[jira] [Created] (HADOOP-18895) upgrade to commons-compress 1.24.0

2023-09-13 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18895: --- Summary: upgrade to commons-compress 1.24.0 Key: HADOOP-18895 URL: https://issues.apache.org/jira/browse/HADOOP-18895 Project: Hadoop Common Issue Type:

[jira] [Updated] (HADOOP-18894) upgrade sshd-core due to CVEs

2023-09-13 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-18894: Description: https://mvnrepository.com/artifact/org.apache.sshd/sshd-core hadoop currently uses

[jira] [Created] (HADOOP-18894) upgrade sshd-core due to CVEs

2023-09-13 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18894: --- Summary: upgrade sshd-core due to CVEs Key: HADOOP-18894 URL: https://issues.apache.org/jira/browse/HADOOP-18894 Project: Hadoop Common Issue Type: Bug

[jira] [Commented] (HADOOP-18890) remove okhttp usage

2023-09-12 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17764306#comment-17764306 ] PJ Fanning commented on HADOOP-18890: - It seems to be used in a few places - notably

[jira] [Created] (HADOOP-18890) remove okhttp usage

2023-09-12 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18890: --- Summary: remove okhttp usage Key: HADOOP-18890 URL: https://issues.apache.org/jira/browse/HADOOP-18890 Project: Hadoop Common Issue Type: Bug

[jira] [Created] (HADOOP-18783) upgrade netty to 4.1.94 due to CVE

2023-06-24 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18783: --- Summary: upgrade netty to 4.1.94 due to CVE Key: HADOOP-18783 URL: https://issues.apache.org/jira/browse/HADOOP-18783 Project: Hadoop Common Issue Type: Task

[jira] [Created] (HADOOP-18782) upgrade to snappy-java 1.1.10.1 due to CVEs

2023-06-24 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18782: --- Summary: upgrade to snappy-java 1.1.10.1 due to CVEs Key: HADOOP-18782 URL: https://issues.apache.org/jira/browse/HADOOP-18782 Project: Hadoop Common Issue

[jira] [Comment Edited] (HADOOP-18033) Upgrade fasterxml Jackson to 2.13.0

2023-06-12 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17731654#comment-17731654 ] PJ Fanning edited comment on HADOOP-18033 at 6/12/23 3:14 PM: -- We're stuck

[jira] [Commented] (HADOOP-18033) Upgrade fasterxml Jackson to 2.13.0

2023-06-12 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17731654#comment-17731654 ] PJ Fanning commented on HADOOP-18033: - We're stuck on Jackson 2.12 because of jersey v1. Jackson

[jira] [Resolved] (HADOOP-18719) upgrade snakeyaml to 2.0 (fixes CVE-2022-1471)

2023-04-26 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18719?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning resolved HADOOP-18719. - Resolution: Duplicate > upgrade snakeyaml to 2.0 (fixes CVE-2022-1471) >

[jira] [Created] (HADOOP-18719) upgrade snakeyaml to 2.0 (fixes CVE-2022-1471)

2023-04-26 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18719: --- Summary: upgrade snakeyaml to 2.0 (fixes CVE-2022-1471) Key: HADOOP-18719 URL: https://issues.apache.org/jira/browse/HADOOP-18719 Project: Hadoop Common Issue

[jira] [Created] (HADOOP-18712) upgrade to jetty 9.4.51 due to cve

2023-04-19 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18712: --- Summary: upgrade to jetty 9.4.51 due to cve Key: HADOOP-18712 URL: https://issues.apache.org/jira/browse/HADOOP-18712 Project: Hadoop Common Issue Type: Task

[jira] [Created] (HADOOP-18711) upgrade nimbus jwt jar due to issues in its embedded shaded json-smart code

2023-04-19 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18711: --- Summary: upgrade nimbus jwt jar due to issues in its embedded shaded json-smart code Key: HADOOP-18711 URL: https://issues.apache.org/jira/browse/HADOOP-18711 Project:

[jira] [Updated] (HADOOP-18693) upgrade Apache Derby due to CVEs

2023-04-07 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-18693: Description: [https://github.com/advisories/GHSA-wr69-g62g-2r9h]

[jira] [Updated] (HADOOP-18693) upgrade Apache Derby due to CVEs

2023-04-07 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-18693: Description: [https://github.com/advisories/GHSA-wr69-g62g-2r9h]

[jira] [Created] (HADOOP-18693) upgrade Apache Derby due to CVEs

2023-04-07 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18693: --- Summary: upgrade Apache Derby due to CVEs Key: HADOOP-18693 URL: https://issues.apache.org/jira/browse/HADOOP-18693 Project: Hadoop Common Issue Type: Task

[jira] [Created] (HADOOP-18658) snakeyaml dependency: upgrade to v2.0

2023-03-09 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18658: --- Summary: snakeyaml dependency: upgrade to v2.0 Key: HADOOP-18658 URL: https://issues.apache.org/jira/browse/HADOOP-18658 Project: Hadoop Common Issue Type:

[jira] [Comment Edited] (HADOOP-18619) replace jsr311-api dependency with rs-api

2023-02-10 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18619?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17687104#comment-17687104 ] PJ Fanning edited comment on HADOOP-18619 at 2/10/23 5:40 PM: -- I had a

[jira] [Comment Edited] (HADOOP-18619) replace jsr311-api dependency with rs-api

2023-02-10 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18619?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17687104#comment-17687104 ] PJ Fanning edited comment on HADOOP-18619 at 2/10/23 2:54 PM: -- I had a

[jira] [Commented] (HADOOP-18619) replace jsr311-api dependency with rs-api

2023-02-10 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18619?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17687104#comment-17687104 ] PJ Fanning commented on HADOOP-18619: - I had a quick look and getting jersey-core to work with

[jira] [Comment Edited] (HADOOP-18619) replace jsr311-api dependency with rs-api

2023-02-10 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18619?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17687023#comment-17687023 ] PJ Fanning edited comment on HADOOP-18619 at 2/10/23 10:51 AM: --- I haven't

[jira] [Commented] (HADOOP-18619) replace jsr311-api dependency with rs-api

2023-02-10 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18619?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17687023#comment-17687023 ] PJ Fanning commented on HADOOP-18619: - I haven't tried playing with jersey-core too much yet. I

[jira] [Commented] (HADOOP-18619) replace jsr311-api dependency with rs-api

2023-02-07 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18619?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17685255#comment-17685255 ] PJ Fanning commented on HADOOP-18619: - When 3.3.5 is released, jersey-json dependency will be

[jira] [Created] (HADOOP-18619) replace jsr311-api dependency with rs-api

2023-02-06 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18619: --- Summary: replace jsr311-api dependency with rs-api Key: HADOOP-18619 URL: https://issues.apache.org/jira/browse/HADOOP-18619 Project: Hadoop Common Issue

[jira] [Commented] (HADOOP-18587) upgrade to jettison 1.5.3 due to security issue

2023-01-16 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18587?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17677381#comment-17677381 ] PJ Fanning commented on HADOOP-18587: - Would be nice to get it into 3.3.5 rc but if you are in the

[jira] [Updated] (HADOOP-18587) upgrade to jettison 1.5.2 due to security issue

2023-01-04 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18587?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-18587: Description: [https://github.com/advisories/GHSA-x27m-9w8j-5vcw]  

[jira] [Created] (HADOOP-18587) upgrade to jettison 1.5.2 due to security issue

2023-01-03 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18587: --- Summary: upgrade to jettison 1.5.2 due to security issue Key: HADOOP-18587 URL: https://issues.apache.org/jira/browse/HADOOP-18587 Project: Hadoop Common

[jira] [Commented] (HADOOP-18342) Upgrade to Avro 1.11.1

2022-12-27 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17652406#comment-17652406 ] PJ Fanning commented on HADOOP-18342: - The hadoop-thirdparty jar has not been released to Maven

[jira] [Commented] (HADOOP-18575) Make XML transformer factory more lenient

2022-12-22 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18575?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17651383#comment-17651383 ] PJ Fanning commented on HADOOP-18575: - [~ste...@apache.org] in terms of performance concerns, would

[jira] [Commented] (HADOOP-18575) Make XML transformer factory more lenient

2022-12-22 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18575?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17651325#comment-17651325 ] PJ Fanning commented on HADOOP-18575: - I guess that could be done. I might have time tonight to do

[jira] [Commented] (HADOOP-18575) make transformer factory creation more lenient

2022-12-14 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18575?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17647667#comment-17647667 ] PJ Fanning commented on HADOOP-18575: - https://github.com/apache/hadoop/pull/5224 > make

[jira] [Created] (HADOOP-18575) make transformer factory creation more lenient

2022-12-14 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18575: --- Summary: make transformer factory creation more lenient Key: HADOOP-18575 URL: https://issues.apache.org/jira/browse/HADOOP-18575 Project: Hadoop Common Issue

[jira] [Commented] (HADOOP-18469) Add XMLUtils methods to centralise code that creates secure XML parsers

2022-12-14 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17647590#comment-17647590 ] PJ Fanning commented on HADOOP-18469: - I raised [https://github.com/apache/hadoop/pull/5224] - I

[jira] [Commented] (HADOOP-18469) Add XMLUtils methods to centralise code that creates secure XML parsers

2022-12-14 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17647565#comment-17647565 ] PJ Fanning commented on HADOOP-18469: - In Apache POI, they use a best effort approach with setting

[jira] [Commented] (HADOOP-17563) Update Bouncy Castle to 1.68 or later

2022-12-04 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-17563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17643063#comment-17643063 ] PJ Fanning commented on HADOOP-17563: - This class is in bcprov-jdk15on-1.60.jar and 

[jira] [Commented] (HADOOP-18512) upgrade woodstox-core to 5.4.0 for security fix

2022-10-28 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17625587#comment-17625587 ] PJ Fanning commented on HADOOP-18512: - Not likely to be something that can be exploited but to keep

[jira] [Commented] (HADOOP-15983) Use jersey-json that is built to use jackson2

2022-10-19 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-15983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17620662#comment-17620662 ] PJ Fanning commented on HADOOP-15983: - [~ste...@apache.org] I can look at doing a PR for the 3.3

[jira] [Commented] (HADOOP-18497) Upgrade commons-text version to fix CVE-2022-42889

2022-10-18 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18497?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17619609#comment-17619609 ] PJ Fanning commented on HADOOP-18497: - This CVE is starting to get a lot of press and social media

[jira] [Commented] (HADOOP-18496) upgrade kotlin-stdlib due to CVEs

2022-10-14 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18496?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17617623#comment-17617623 ] PJ Fanning commented on HADOOP-18496: - [~ste...@apache.org] looks like the kotlin dependencies were

[jira] [Created] (HADOOP-18496) upgrade kotlin-stdlib due to CVEs

2022-10-13 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18496: --- Summary: upgrade kotlin-stdlib due to CVEs Key: HADOOP-18496 URL: https://issues.apache.org/jira/browse/HADOOP-18496 Project: Hadoop Common Issue Type:

[jira] [Created] (HADOOP-18493) uptake jackson-databind 2.12.7.1 due to CVE fixes

2022-10-13 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18493: --- Summary: uptake jackson-databind 2.12.7.1 due to CVE fixes Key: HADOOP-18493 URL: https://issues.apache.org/jira/browse/HADOOP-18493 Project: Hadoop Common

[jira] [Updated] (HADOOP-18492) upgrade commons-text to 1.10.0

2022-10-12 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-18492: Description: Extends HADOOP-18341

[jira] [Commented] (HADOOP-18492) upgrade commons-text to 1.10.0

2022-10-12 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17616477#comment-17616477 ] PJ Fanning commented on HADOOP-18492: - [~groot] I already have

[jira] [Updated] (HADOOP-18492) upgrade commons-text to 1.10.0

2022-10-12 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-18492: Description: Extends HADOOP-18341

[jira] [Created] (HADOOP-18492) upgrade commons-text to 1.10.0

2022-10-12 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18492: --- Summary: upgrade commons-text to 1.10.0 Key: HADOOP-18492 URL: https://issues.apache.org/jira/browse/HADOOP-18492 Project: Hadoop Common Issue Type:

[jira] [Created] (HADOOP-18484) upgrade hsqldb to v2.7.1 due to CVE

2022-10-09 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18484: --- Summary: upgrade hsqldb to v2.7.1 due to CVE Key: HADOOP-18484 URL: https://issues.apache.org/jira/browse/HADOOP-18484 Project: Hadoop Common Issue Type:

[jira] [Created] (HADOOP-18472) Upgrade to snakeyaml 1.33

2022-10-01 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18472: --- Summary: Upgrade to snakeyaml 1.33 Key: HADOOP-18472 URL: https://issues.apache.org/jira/browse/HADOOP-18472 Project: Hadoop Common Issue Type: Improvement

[jira] [Updated] (HADOOP-18469) Add XMLUtils methods to centralise code that creates secure XML parsers

2022-09-27 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-18469: Summary: Add XMLUtils methods to centralise code that creates secure XML parsers (was: Add an

[jira] [Updated] (HADOOP-18469) Add an XMLUtils method to centralise code that creates secure XML parsers

2022-09-27 Thread PJ Fanning (Jira)
[ https://issues.apache.org/jira/browse/HADOOP-18469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] PJ Fanning updated HADOOP-18469: Summary: Add an XMLUtils method to centralise code that creates secure XML parsers (was: Add an

[jira] [Created] (HADOOP-18469) Add an XMLUtils class to centralise code that creates secure XML parsers

2022-09-27 Thread PJ Fanning (Jira)
PJ Fanning created HADOOP-18469: --- Summary: Add an XMLUtils class to centralise code that creates secure XML parsers Key: HADOOP-18469 URL: https://issues.apache.org/jira/browse/HADOOP-18469 Project:
