Found some dependency issues: 1. HADOOP-19352 upgrades aliyun-sdk-oss from 3.13.2 to 3.18.1, pulls additional transitive deps without properly upgrading LICENSE/NOTICE, see details at [1] 2. vulnerable hadoop-3.5.0/share/hadoop/tools/lib/lz4-java-1.8.0.jar should be excluded, but not, see HADOOP-19747
[1] https://github.com/apache/hadoop/pull/7205#issuecomment-3981600333 Thanks, Cheng Pan > On Feb 28, 2026, at 14:54, Chris Nauroth <[email protected]> wrote: > > I really appreciate it, Ayush! Just recapping what I commented on the JIRA > issue, I would +1 a PR from you, and I have no strong preference between > the attached diff vs. the alternative solution you posted in a follow-up > comment. > > Chris Nauroth > > > On Fri, Feb 27, 2026 at 7:03 AM Ayush Saxena <[email protected]> wrote: > >>> I still don't have an answer for MAPREDUCE-7527 and would appreciate more >> help looking at it. It doesn't repro on 3.4.3, so I'm hoping to find >> something from diffing the source. >> >> Hi Chris, >> I also haven’t worked much in this part of the codebase and have very >> limited experience with the UI layer. But, I tried to debug the issue and >> posted a patch that fixes it on my end. I’m not entirely sure whether this >> is the best approach or if it only resolves the issue in my setup, but this >> is the best I could do to help move things forward. >> >> Let me know what you think. If it looks good, I can create a PR for it. If >> something is missing or incorrect, or if you have any feedback, I’m happy >> to take another look and continue debugging over the weekend. >> >> -Ayush >> >> On Fri, 27 Feb 2026 at 03:44, Chris Nauroth <[email protected]> wrote: >> >>> I've pulled in the following new patches in preparation for a new RC: >>> >>> HADOOP-19778: Remove Deprecated WASB Code from Hadoop >>> HADOOP-19822: Upgrade Avro to 1.11.5 >>> MAPREDUCE-7533: MR AM UI wont be loaded on root path >>> >>> I still don't have an answer for MAPREDUCE-7527 and would appreciate more >>> help looking at it. It doesn't repro on 3.4.3, so I'm hoping to find >>> something from diffing the source. >>> >>> Chris Nauroth >>> >>> >>> On Tue, Feb 24, 2026 at 11:47 AM Chris Nauroth <[email protected]> >>> wrote: >>> >>>> I commented on MAPREDUCE-7527 with some initial analysis of a >> JavaScript >>>> error I found. I've never looked at this code much, so additional eyes >>> are >>>> welcome. >>>> >>>> Chris Nauroth >>>> >>>> >>>> On Tue, Feb 24, 2026 at 10:37 AM Chris Nauroth <[email protected]> >>>> wrote: >>>> >>>>> Hello everyone, >>>>> >>>>> We are definitely going to have an RC1. We want to include this on the >>>>> version boundary, which I just committed: >>>>> >>>>> HADOOP-19778: Remove Deprecated WASB Code from Hadoop >>>>> >>>>> The only difference is the removal of WASB, so any testing you've been >>>>> doing on RC0 is still helpful. >>>>> >>>>> Meanwhile, we can also look into MAPREDUCE-7527. >>>>> >>>>> Chris Nauroth >>>>> >>>>> >>>>> On Tue, Feb 24, 2026 at 9:34 AM Muralikrishna Dmmkr < >>>>> [email protected]> wrote: >>>>> >>>>>> Thanks Chris for driving the release, >>>>>> >>>>>> I have set up a single node environment with the 3.5.0-RC0, and was >>>>>> testing >>>>>> the JHS UI and found an issue, I have raised MAPREDUCE-7527 >>>>>> <https://issues.apache.org/jira/browse/MAPREDUCE-7527> a few weeks >>> back >>>>>> and >>>>>> the issue still persists. >>>>>> >>>>>> >>>>>> Thanks >>>>>> Murali Krishna >>>>>> >>>>>> >>>>>> On Tue, Feb 24, 2026 at 11:40 AM Chris Nauroth <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> I have put together a release candidate (RC0) for Hadoop 3.5.0. >>>>>>> >>>>>>> This is a new minor version focused on JDK 17 compatibility, new >>> cloud >>>>>>> storage integrations, dependency upgrades, security patches, and >> new >>>>>>> features. >>>>>>> >>>>>>> Change log >>>>>>> >>>>>> >>> >> https://dist.apache.org/repos/dist/dev/hadoop/hadoop-3.5.0-RC0/CHANGELOG.md >>>>>>> >>>>>>> Release notes >>>>>>> >>>>>>> >>>>>> >>> >> https://dist.apache.org/repos/dist/dev/hadoop/hadoop-3.5.0-RC0/RELEASENOTES.md >>>>>>> >>>>>>> The RC is available at: >>>>>>> https://dist.apache.org/repos/dist/dev/hadoop/hadoop-3.5.0-RC0/ >>>>>>> >>>>>>> The git tag is release-3.5.0-RC0, commit >>>>>>> 2309c47a741040c914218b31d4326e2418cda439. >>>>>>> >>>>>>> The maven artifacts are staged at >>>>>>> >>>>>> >>> https://repository.apache.org/content/repositories/orgapachehadoop-1466 >>>>>>> >>>>>>> You can find my public key at: >>>>>>> https://dist.apache.org/repos/dist/release/hadoop/common/KEYS >>>>>>> >>>>>>> Please try the RC and vote. This vote is intended to run for 5 >> days. >>>>>>> >>>>>>> Chris Nauroth >>>>>>> >>>>>> >>>>> >>> >>
