[
https://issues.apache.org/jira/browse/HDFS-16860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17644490#comment-17644490
]
ASF GitHub Bot commented on HDFS-16860:
---------------------------------------
hadoop-yetus commented on PR #5194:
URL: https://github.com/apache/hadoop/pull/5194#issuecomment-1341498666
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Logfile | Comment |
|:----:|----------:|--------:|:--------:|:-------:|
| +0 :ok: | reexec | 0m 58s | | Docker mode activated. |
|||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | | No case conflicting files
found. |
| +0 :ok: | codespell | 0m 0s | | codespell was not available. |
| +0 :ok: | detsecrets | 0m 0s | | detect-secrets was not available.
|
| +0 :ok: | jshint | 0m 0s | | jshint was not available. |
| +1 :green_heart: | @author | 0m 0s | | The patch does not contain
any @author tags. |
|||| _ trunk Compile Tests _ |
| +1 :green_heart: | mvninstall | 41m 33s | | trunk passed |
| +1 :green_heart: | shadedclient | 63m 48s | | branch has no errors
when building and testing our client artifacts. |
|||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 1m 17s | | the patch passed |
| +1 :green_heart: | blanks | 0m 0s | | The patch has no blanks
issues. |
| +1 :green_heart: | shadedclient | 22m 11s | | patch has no errors
when building and testing our client artifacts. |
|||| _ Other Tests _ |
| +1 :green_heart: | asflicense | 0m 35s | | The patch does not
generate ASF License warnings. |
| | | 90m 38s | | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base:
https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5194/1/artifact/out/Dockerfile
|
| GITHUB PR | https://github.com/apache/hadoop/pull/5194 |
| Optional Tests | dupname asflicense shadedclient codespell detsecrets
jshint |
| uname | Linux 9296b69b3ee1 4.15.0-200-generic #211-Ubuntu SMP Thu Nov 24
18:16:04 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/bin/hadoop.sh |
| git revision | trunk / 13ff6da140c10970ac8b36f59e41696f954c19e1 |
| Max. process+thread count | 532 (vs. ulimit of 5500) |
| modules | C: hadoop-hdfs-project/hadoop-hdfs U:
hadoop-hdfs-project/hadoop-hdfs |
| Console output |
https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5194/1/console |
| versions | git=2.25.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.14.0 https://yetus.apache.org |
This message was automatically generated.
> Upgrade moment.min.js to 2.29.4
> -------------------------------
>
> Key: HDFS-16860
> URL: https://issues.apache.org/jira/browse/HDFS-16860
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: build, ui
> Affects Versions: 3.4.0
> Reporter: D M Murali Krishna Reddy
> Assignee: D M Murali Krishna Reddy
> Priority: Major
> Labels: pull-request-available, transitive-cve
>
> Upgrade moment.min.js to 2.29.4 to resolve
> https://nvd.nist.gov/vuln/detail/CVE-2022-31129
> "Users may notice a noticeable slowdown is observed with inputs above 10k
> characters. Users who pass user-provided strings without sanity length checks
> to moment constructor are vulnerable to (Re)DoS attacks. The problem is
> patched in 2.29.4"
> this only appears to affect the UI, not the yarn services, so it is a
> self-harm DoS rather than anything important. "if you pass in big strings the
> ui slows down"
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
