[jira] [Commented] (HADOOP-18443) Upgrade snakeyaml to 1.31 to mitigate CVE-2022-25857

ASF GitHub Bot (Jira) Thu, 08 Sep 2022 14:04:41 -0700


    [ 
https://issues.apache.org/jira/browse/HADOOP-18443?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17602012#comment-17602012
 ]


ASF GitHub Bot commented on HADOOP-18443:
-----------------------------------------

hadoop-yetus commented on PR #4874:
URL: https://github.com/apache/hadoop/pull/4874#issuecomment-1241230984

   :broken_heart: **-1 overall**
   
   
   
   
   
   
   | Vote | Subsystem | Runtime |  Logfile | Comment |
   |:----:|----------:|--------:|:--------:|:-------:|
   | +0 :ok: |  reexec  |  11m 45s |  |  Docker mode activated.  |
   |||| _ Prechecks _ |
   | +1 :green_heart: |  dupname  |   0m  0s |  |  No case conflicting files 
found.  |
   | +0 :ok: |  codespell  |   0m  0s |  |  codespell was not available.  |
   | +0 :ok: |  detsecrets  |   0m  0s |  |  detect-secrets was not available.  
|
   | +0 :ok: |  xmllint  |   0m  0s |  |  xmllint was not available.  |
   | +1 :green_heart: |  @author  |   0m  0s |  |  The patch does not contain 
any @author tags.  |
   | -1 :x: |  test4tests  |   0m  0s |  |  The patch doesn't appear to include 
any new or modified tests. Please justify why no new tests are needed for this 
patch. Also please list what manual steps were performed to verify this patch.  
|
   |||| _ branch-3.2 Compile Tests _ |
   | +1 :green_heart: |  mvninstall  |  32m 53s |  |  branch-3.2 passed  |
   | +1 :green_heart: |  compile  |   0m 24s |  |  branch-3.2 passed  |
   | +1 :green_heart: |  mvnsite  |   0m 29s |  |  branch-3.2 passed  |
   | +1 :green_heart: |  javadoc  |   0m 34s |  |  branch-3.2 passed  |
   | +1 :green_heart: |  shadedclient  |  49m 11s |  |  branch has no errors 
when building and testing our client artifacts.  |
   |||| _ Patch Compile Tests _ |
   | +1 :green_heart: |  mvninstall  |   0m 16s |  |  the patch passed  |
   | +1 :green_heart: |  compile  |   0m 14s |  |  the patch passed  |
   | +1 :green_heart: |  javac  |   0m 14s |  |  the patch passed  |
   | +1 :green_heart: |  blanks  |   0m  0s |  |  The patch has no blanks 
issues.  |
   | +1 :green_heart: |  mvnsite  |   0m 16s |  |  the patch passed  |
   | +1 :green_heart: |  javadoc  |   0m 14s |  |  the patch passed  |
   | +1 :green_heart: |  shadedclient  |  17m  5s |  |  patch has no errors 
when building and testing our client artifacts.  |
   |||| _ Other Tests _ |
   | +1 :green_heart: |  unit  |   0m 18s |  |  hadoop-project in the patch 
passed.  |
   | +1 :green_heart: |  asflicense  |   0m 38s |  |  The patch does not 
generate ASF License warnings.  |
   |  |   |  81m 25s |  |  |
   
   
   | Subsystem | Report/Notes |
   |----------:|:-------------|
   | Docker | ClientAPI=1.41 ServerAPI=1.41 base: 
https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4874/1/artifact/out/Dockerfile
 |
   | GITHUB PR | https://github.com/apache/hadoop/pull/4874 |
   | Optional Tests | dupname asflicense compile javac javadoc mvninstall 
mvnsite unit shadedclient codespell detsecrets xmllint |
   | uname | Linux 0c221052cf2b 4.15.0-191-generic #202-Ubuntu SMP Thu Aug 4 
01:49:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
   | Build tool | maven |
   | Personality | dev-support/bin/hadoop.sh |
   | git revision | branch-3.2 / 178bbe79eec705cb942093af3d84d4a96e8838e8 |
   | Default Java | Private Build-1.8.0_342-8u342-b07-0ubuntu1~18.04-b07 |
   |  Test Results | 
https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4874/1/testReport/ |
   | Max. process+thread count | 330 (vs. ulimit of 5500) |
   | modules | C: hadoop-project U: hadoop-project |
   | Console output | 
https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4874/1/console |
   | versions | git=2.17.1 maven=3.6.0 |
   | Powered by | Apache Yetus 0.14.0 https://yetus.apache.org |
   
   
   This message was automatically generated.
   
   




> Upgrade snakeyaml to 1.31 to mitigate CVE-2022-25857
> ----------------------------------------------------
>
>                 Key: HADOOP-18443
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18443
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 3.3.3, 3.3.4
>            Reporter: groot
>            Assignee: groot
>            Priority: Major
>              Labels: pull-request-available
>
> Upgrade snakeyaml to 1.31 to mitigate CVE-2022-25857
>  
> Details - https://nvd.nist.gov/vuln/detail/CVE-2022-25857



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (HADOOP-18443) Upgrade snakeyaml to 1.31 to mitigate CVE-2022-25857

Reply via email to