(hadoop-thirdparty) branch trunk updated: HADOOP-18197. Upgrade Protobuf-Java to 3.21.12 (#26)

Thu, 11 Jan 2024 06:11:15 -0800 

This is an automated email from the ASF dual-hosted git repository.

stevel pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop-thirdparty.git


The following commit(s) were added to refs/heads/trunk by this push:
     new df92347  HADOOP-18197. Upgrade Protobuf-Java to 3.21.12 (#26)
df92347 is described below

commit df92347102c83866fe5d8d3e5a1601363bbe19bf
Author: PJ Fanning <pjfann...@users.noreply.github.com>
AuthorDate: Thu Jan 11 15:11:02 2024 +0100

    HADOOP-18197. Upgrade Protobuf-Java to 3.21.12 (#26)
    
    
    This patch bumps up the protobuf version so that Hadoop
    is not a vulnerable to CVE-2021-22569.
    
    This does rename the module hadoop-shaded-protobuf_3_7
    because that significantly complicates imports/upgrading.
    
    This also fixes up the parent POM references in the child modules
    as IntelliJ requires a full path.
    
    Contributed by PJ Fanning
---
 LICENSE-binary                                                    | 2 +-
 hadoop-shaded-guava/pom.xml                                       | 2 +-
 .../pom.xml                                                       | 8 ++++----
 pom.xml                                                           | 4 ++--
 src/site/markdown/index.md.vm                                     | 4 ++--
 5 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index 1d24c48..33ca175 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -218,7 +218,7 @@ See licenses-binary/ for text of these licenses.
 
 BSD 3-Clause
 ------------
-com.google.protobuf:protobuf-java:3.7.1
+com.google.protobuf:protobuf-java:3.21.12
 
 
 MIT License
diff --git a/hadoop-shaded-guava/pom.xml b/hadoop-shaded-guava/pom.xml
index 6b143dd..0ed5a45 100644
--- a/hadoop-shaded-guava/pom.xml
+++ b/hadoop-shaded-guava/pom.xml
@@ -24,7 +24,7 @@
         <artifactId>hadoop-thirdparty</artifactId>
         <groupId>org.apache.hadoop.thirdparty</groupId>
         <version>1.2.0-SNAPSHOT</version>
-        <relativePath>..</relativePath>
+        <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>hadoop-shaded-guava</artifactId>
diff --git a/hadoop-shaded-protobuf_3_7/pom.xml 
b/hadoop-shaded-protobuf_3_21/pom.xml
similarity index 95%
rename from hadoop-shaded-protobuf_3_7/pom.xml
rename to hadoop-shaded-protobuf_3_21/pom.xml
index ae288fb..9e18a6b 100644
--- a/hadoop-shaded-protobuf_3_7/pom.xml
+++ b/hadoop-shaded-protobuf_3_21/pom.xml
@@ -24,11 +24,11 @@
     <artifactId>hadoop-thirdparty</artifactId>
     <groupId>org.apache.hadoop.thirdparty</groupId>
     <version>1.2.0-SNAPSHOT</version>
-    <relativePath>..</relativePath>
+    <relativePath>../pom.xml</relativePath>
   </parent>
   <modelVersion>4.0.0</modelVersion>
-  <artifactId>hadoop-shaded-protobuf_3_7</artifactId>
-  <name>Apache Hadoop shaded Protobuf 3.7</name>
+  <artifactId>hadoop-shaded-protobuf_3_21</artifactId>
+  <name>Apache Hadoop shaded Protobuf</name>
   <packaging>jar</packaging>
 
   <properties>
@@ -38,7 +38,7 @@
     <dependency>
       <groupId>com.google.protobuf</groupId>
       <artifactId>protobuf-java</artifactId>
-      <version>${protobuf_3_7.version}</version>
+      <version>${protobuf_3.version}</version>
     </dependency>
   </dependencies>
 
diff --git a/pom.xml b/pom.xml
index 9d39c42..07781c8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -94,7 +94,7 @@
     <!--thirdparty dependency versions-->
     <shaded.prefix>org.apache.hadoop.thirdparty</shaded.prefix>
     <protobuf.shade.prefix>${shaded.prefix}.protobuf</protobuf.shade.prefix>
-    <protobuf_3_7.version>3.7.1</protobuf_3_7.version>
+    <protobuf_3.version>3.21.12</protobuf_3.version>
     <guava.version>32.0.1-jre</guava.version>
     <avro.version>1.11.3</avro.version>
 
@@ -123,7 +123,7 @@
   </organization>
 
   <modules>
-    <module>hadoop-shaded-protobuf_3_7</module>
+    <module>hadoop-shaded-protobuf_3_21</module>
     <module>hadoop-shaded-guava</module>
     <module>hadoop-shaded-avro_1_11</module>
   </modules>
diff --git a/src/site/markdown/index.md.vm b/src/site/markdown/index.md.vm
index fcaba6d..8673868 100644
--- a/src/site/markdown/index.md.vm
+++ b/src/site/markdown/index.md.vm
@@ -42,9 +42,9 @@ This page provides an overview of the major changes.
 
 Protobuf-java
 -------------
-Google Protobuf's 3.7.1 jar is available as 
*org.apache.hadoop.thirdparty:hadoop-shaded-protobuf_3_7* artifact.
+Google Protobuf's 3.21.12 jar is available as 
*org.apache.hadoop.thirdparty:hadoop-shaded-protobuf_3_21* artifact.
 
-Following are relocations under *hadoop-shaded-protobuf_3_7* artifact:
+Following are relocations under *hadoop-shaded-protobuf_3_21* artifact:
 
 |Original package | Shaded package |
 |---|---|


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-commits-h...@hadoop.apache.org

Reply via email to