I have not been following. I’ve been away for a while and am getting back up to speed. Thanks for summarizing the discussion so far.
I support it too. For purely practical reasons, I admit. We have to be CVE clean, to the extent possible, with annoying documentation requirements when known issues remain in a deployment image. We’d also want 3.4 for the fix for the lease leak on close bug in the DFS client. That was the cause of hundreds of half-closed WALs leaked in production before we analyzed the issues and rolled out a mitigation. We use FSHLog, for reasons. Users who do the same are subject to the same issue and bundling 3.4.1 libraries (and also documenting the required site configuration) is the solution. > On Jan 8, 2025, at 10:36 PM, Istvan Toth <st...@cloudera.com.invalid> wrote: > > We've updated the default Hadoop version on the non-release branches to > 3.4.1, and have discussed doing the same on the release branches. > I don't know if you've been following the discussion threads about this > Andrew, but it basically a dilemma of > > * risking undetected problems on HBase patch release upgrade, and causing > problems for some existing users > * VS shipping the release with old known CVEs in the included Hadoop, which > hinders HBase adoptation due to being perceived as insecure. > > Duo and I support this, but Nick has reservations, and deferred to you. > > What do you think ? > >> On Tue, Jan 7, 2025 at 5:44 PM Andrew Purtell <apurt...@apache.org> wrote: >> >> Hi Nihal, >> >> I think we could take HBASE-29028 and HBASE-28983 in the upcoming release >> right now. Let me follow up on the respective PRs. >> >> For HBASE-28832, I think it should have some time to bake. Maybe in >> branch-2 first, for kicking the tires, and then we could backport it to the >> releases. >> >>> On Mon, Jan 6, 2025 at 9:23 PM Nihal Jain <nihalj...@apache.org> wrote: >>> >>> Hi, >>> >>> Dávid Paksy is working on backporting changes for upgrading to bootstrap >>> 5.3.3. >>> >>> Following PRs are pending for this: >>> 1) HBASE-29028 Backport missing UI patches to branch-2.5 >>> 2) HBASE-28832 Upgrade from bootstrap 3.4.1 to non vulnerable version >> 5.3.3 >>> 3) HBASE-28983 Static resources are not loaded on REST web UI pages in >> dev >>> mode >>> >>> Changes for first two JIRAs are up review. Third is good to have. >>> >>> Please suggest if we want to consume these changes for upcoming release >> or >>> should we wait on merging these until release is done. >>> >>> Regards, >>> Nihal >>> >>> On 2025/01/06 17:49:10 Andrew Purtell wrote: >>>> Related to 2.5.11, there are 61 resolved issues*, and one pending that >>> may >>>> land in the next couple of days. >>>> >>>> * - https://issues.apache.org/jira/projects/HBASE/versions/12354955 >>>> >>>> On Mon, Jan 6, 2025 at 9:37 AM Andrew Purtell <apurt...@apache.org> >>> wrote: >>>> >>>>> We are overdue for a maintenance release of 2.5. >>>>> >>>>> If you have any pending work that should go in to such a release, >>> please >>>>> get it committed in the next couple of days. Please let me know if >> you >>> have >>>>> any blocking issues preventing that. >>>>> >>>> >>> >> >> >> -- >> Best regards, >> Andrew >> >> Unrest, ignorance distilled, nihilistic imbeciles - >> It's what we’ve earned >> Welcome, apocalypse, what’s taken you so long? >> Bring us the fitting end that we’ve been counting on >> - A23, Welcome, Apocalypse >> > > > -- > *István Tóth* | Sr. Staff Software Engineer > *Email*: st...@cloudera.com > cloudera.com <https://www.cloudera.com> > [image: Cloudera] <https://www.cloudera.com/> > [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: > Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: Cloudera > on LinkedIn] <https://www.linkedin.com/company/cloudera> > ------------------------------ > ------------------------------
