We've updated the default Hadoop version on the non-release branches to
3.4.1, and have discussed doing the same on the release branches.
I don't know if you've been following the discussion threads about this
Andrew, but it basically a dilemma of

* risking undetected problems on HBase patch release upgrade, and causing
problems for some existing users
* VS shipping the release with old known CVEs in the included Hadoop, which
hinders HBase adoptation due to being perceived as insecure.

Duo and I support this, but Nick has reservations, and deferred to you.

What do you think ?

On Tue, Jan 7, 2025 at 5:44 PM Andrew Purtell <apurt...@apache.org> wrote:

> Hi Nihal,
>
> I think we could take HBASE-29028 and HBASE-28983 in the upcoming release
> right now. Let me follow up on the respective PRs.
>
> For HBASE-28832, I think it should have some time to bake. Maybe in
> branch-2 first, for kicking the tires, and then we could backport it to the
> releases.
>
> On Mon, Jan 6, 2025 at 9:23 PM Nihal Jain <nihalj...@apache.org> wrote:
>
> > Hi,
> >
> > Dávid Paksy is working on backporting changes for upgrading to bootstrap
> > 5.3.3.
> >
> > Following PRs are pending for this:
> > 1) HBASE-29028 Backport missing UI patches to branch-2.5
> > 2) HBASE-28832 Upgrade from bootstrap 3.4.1 to non vulnerable version
> 5.3.3
> > 3) HBASE-28983 Static resources are not loaded on REST web UI pages in
> dev
> > mode
> >
> > Changes for first two JIRAs are up review. Third is good to have.
> >
> > Please suggest if we want to consume these changes for upcoming release
> or
> > should we wait on merging these until release is done.
> >
> > Regards,
> > Nihal
> >
> > On 2025/01/06 17:49:10 Andrew Purtell wrote:
> > > Related to 2.5.11, there are 61 resolved issues*, and one pending that
> > may
> > > land in the next couple of days.
> > >
> > > * - https://issues.apache.org/jira/projects/HBASE/versions/12354955
> > >
> > > On Mon, Jan 6, 2025 at 9:37 AM Andrew Purtell <apurt...@apache.org>
> > wrote:
> > >
> > > > We are overdue for a maintenance release of 2.5.
> > > >
> > > > If you have any pending work that should go in to such a release,
> > please
> > > > get it committed in the next couple of days. Please let me know if
> you
> > have
> > > > any blocking issues preventing that.
> > > >
> > >
> >
>
>
> --
> Best regards,
> Andrew
>
> Unrest, ignorance distilled, nihilistic imbeciles -
>     It's what we’ve earned
> Welcome, apocalypse, what’s taken you so long?
> Bring us the fitting end that we’ve been counting on
>    - A23, Welcome, Apocalypse
>


-- 
*István Tóth* | Sr. Staff Software Engineer
*Email*: st...@cloudera.com
cloudera.com <https://www.cloudera.com>
[image: Cloudera] <https://www.cloudera.com/>
[image: Cloudera on Twitter] <https://twitter.com/cloudera> [image:
Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: Cloudera
on LinkedIn] <https://www.linkedin.com/company/cloudera>
------------------------------
------------------------------

Reply via email to