We've updated the default Hadoop version on the non-release branches to 3.4.1, and have discussed doing the same on the release branches. I don't know if you've been following the discussion threads about this Andrew, but it basically a dilemma of
* risking undetected problems on HBase patch release upgrade, and causing problems for some existing users * VS shipping the release with old known CVEs in the included Hadoop, which hinders HBase adoptation due to being perceived as insecure. Duo and I support this, but Nick has reservations, and deferred to you. What do you think ? On Tue, Jan 7, 2025 at 5:44 PM Andrew Purtell <apurt...@apache.org> wrote: > Hi Nihal, > > I think we could take HBASE-29028 and HBASE-28983 in the upcoming release > right now. Let me follow up on the respective PRs. > > For HBASE-28832, I think it should have some time to bake. Maybe in > branch-2 first, for kicking the tires, and then we could backport it to the > releases. > > On Mon, Jan 6, 2025 at 9:23 PM Nihal Jain <nihalj...@apache.org> wrote: > > > Hi, > > > > Dávid Paksy is working on backporting changes for upgrading to bootstrap > > 5.3.3. > > > > Following PRs are pending for this: > > 1) HBASE-29028 Backport missing UI patches to branch-2.5 > > 2) HBASE-28832 Upgrade from bootstrap 3.4.1 to non vulnerable version > 5.3.3 > > 3) HBASE-28983 Static resources are not loaded on REST web UI pages in > dev > > mode > > > > Changes for first two JIRAs are up review. Third is good to have. > > > > Please suggest if we want to consume these changes for upcoming release > or > > should we wait on merging these until release is done. > > > > Regards, > > Nihal > > > > On 2025/01/06 17:49:10 Andrew Purtell wrote: > > > Related to 2.5.11, there are 61 resolved issues*, and one pending that > > may > > > land in the next couple of days. > > > > > > * - https://issues.apache.org/jira/projects/HBASE/versions/12354955 > > > > > > On Mon, Jan 6, 2025 at 9:37 AM Andrew Purtell <apurt...@apache.org> > > wrote: > > > > > > > We are overdue for a maintenance release of 2.5. > > > > > > > > If you have any pending work that should go in to such a release, > > please > > > > get it committed in the next couple of days. Please let me know if > you > > have > > > > any blocking issues preventing that. > > > > > > > > > > > > -- > Best regards, > Andrew > > Unrest, ignorance distilled, nihilistic imbeciles - > It's what we’ve earned > Welcome, apocalypse, what’s taken you so long? > Bring us the fitting end that we’ve been counting on > - A23, Welcome, Apocalypse > -- *István Tóth* | Sr. Staff Software Engineer *Email*: st...@cloudera.com cloudera.com <https://www.cloudera.com> [image: Cloudera] <https://www.cloudera.com/> [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: Cloudera on LinkedIn] <https://www.linkedin.com/company/cloudera> ------------------------------ ------------------------------
