Thank you Andrew for the heads up. HBASE-29028 is merged. We will hold on HBASE-28832 and HBASE-28983 and take these post release.
On 2025/01/09 11:30:19 Istvan Toth wrote: > Thank you. > I've merged the patches, and will update Docs ASAP. > > Istvan > > On Thu, Jan 9, 2025 at 12:27 PM Nick Dimiduk <ndimi...@apache.org> wrote: > > > Okay, let's go for it, István. This will be our policy for active > > release lines going forward. Go ahead with your patches and please > > update the compatibility guidelines in the book relating to supported > > Hadoop versions and CVE mitigation, as appropriate. > > > > Thanks, > > Nick > > > > On Thu, Jan 9, 2025 at 7:57 AM Andrew Purtell <andrew.purt...@gmail.com> > > wrote: > > > > > > I have not been following. I’ve been away for a while and am getting > > back up to speed. Thanks for summarizing the discussion so far. > > > > > > I support it too. For purely practical reasons, I admit. We have to be > > CVE clean, to the extent possible, with annoying documentation requirements > > when known issues remain in a deployment image. > > > > > > We’d also want 3.4 for the fix for the lease leak on close bug in the > > DFS client. That was the cause of hundreds of half-closed WALs leaked in > > production before we analyzed the issues and rolled out a mitigation. We > > use FSHLog, for reasons. Users who do the same are subject to the same > > issue and bundling 3.4.1 libraries (and also documenting the required site > > configuration) is the solution. > > > > > > > On Jan 8, 2025, at 10:36 PM, Istvan Toth <st...@cloudera.com.invalid> > > wrote: > > > > > > > > We've updated the default Hadoop version on the non-release branches > > to > > > > 3.4.1, and have discussed doing the same on the release branches. > > > > I don't know if you've been following the discussion threads about this > > > > Andrew, but it basically a dilemma of > > > > > > > > * risking undetected problems on HBase patch release upgrade, and > > causing > > > > problems for some existing users > > > > * VS shipping the release with old known CVEs in the included Hadoop, > > which > > > > hinders HBase adoptation due to being perceived as insecure. > > > > > > > > Duo and I support this, but Nick has reservations, and deferred to you. > > > > > > > > What do you think ? > > > > > > > >> On Tue, Jan 7, 2025 at 5:44 PM Andrew Purtell <apurt...@apache.org> > > wrote: > > > >> > > > >> Hi Nihal, > > > >> > > > >> I think we could take HBASE-29028 and HBASE-28983 in the upcoming > > release > > > >> right now. Let me follow up on the respective PRs. > > > >> > > > >> For HBASE-28832, I think it should have some time to bake. Maybe in > > > >> branch-2 first, for kicking the tires, and then we could backport it > > to the > > > >> releases. > > > >> > > > >>> On Mon, Jan 6, 2025 at 9:23 PM Nihal Jain <nihalj...@apache.org> > > wrote: > > > >>> > > > >>> Hi, > > > >>> > > > >>> Dávid Paksy is working on backporting changes for upgrading to > > bootstrap > > > >>> 5.3.3. > > > >>> > > > >>> Following PRs are pending for this: > > > >>> 1) HBASE-29028 Backport missing UI patches to branch-2.5 > > > >>> 2) HBASE-28832 Upgrade from bootstrap 3.4.1 to non vulnerable version > > > >> 5.3.3 > > > >>> 3) HBASE-28983 Static resources are not loaded on REST web UI pages > > in > > > >> dev > > > >>> mode > > > >>> > > > >>> Changes for first two JIRAs are up review. Third is good to have. > > > >>> > > > >>> Please suggest if we want to consume these changes for upcoming > > release > > > >> or > > > >>> should we wait on merging these until release is done. > > > >>> > > > >>> Regards, > > > >>> Nihal > > > >>> > > > >>> On 2025/01/06 17:49:10 Andrew Purtell wrote: > > > >>>> Related to 2.5.11, there are 61 resolved issues*, and one pending > > that > > > >>> may > > > >>>> land in the next couple of days. > > > >>>> > > > >>>> * - https://issues.apache.org/jira/projects/HBASE/versions/12354955 > > > >>>> > > > >>>> On Mon, Jan 6, 2025 at 9:37 AM Andrew Purtell <apurt...@apache.org> > > > >>> wrote: > > > >>>> > > > >>>>> We are overdue for a maintenance release of 2.5. > > > >>>>> > > > >>>>> If you have any pending work that should go in to such a release, > > > >>> please > > > >>>>> get it committed in the next couple of days. Please let me know if > > > >> you > > > >>> have > > > >>>>> any blocking issues preventing that. > > > >>>>> > > > >>>> > > > >>> > > > >> > > > >> > > > >> -- > > > >> Best regards, > > > >> Andrew > > > >> > > > >> Unrest, ignorance distilled, nihilistic imbeciles - > > > >> It's what we’ve earned > > > >> Welcome, apocalypse, what’s taken you so long? > > > >> Bring us the fitting end that we’ve been counting on > > > >> - A23, Welcome, Apocalypse > > > >> > > > > > > > > > > > > -- > > > > *István Tóth* | Sr. Staff Software Engineer > > > > *Email*: st...@cloudera.com > > > > cloudera.com <https://www.cloudera.com> > > > > [image: Cloudera] <https://www.cloudera.com/> > > > > [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: > > > > Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: > > Cloudera > > > > on LinkedIn] <https://www.linkedin.com/company/cloudera> > > > > ------------------------------ > > > > ------------------------------ > > > > > -- > *István Tóth* | Sr. Staff Software Engineer > *Email*: st...@cloudera.com > cloudera.com <https://www.cloudera.com> > [image: Cloudera] <https://www.cloudera.com/> > [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: > Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: Cloudera > on LinkedIn] <https://www.linkedin.com/company/cloudera> > ------------------------------ > ------------------------------ >
