[jira] [Updated] (HDFS-12696) BlockPoolManager#startAll is called twice during DataNode startup
[ https://issues.apache.org/jira/browse/HDFS-12696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nandakumar updated HDFS-12696: -- Resolution: Duplicate Status: Resolved (was: Patch Available) > BlockPoolManager#startAll is called twice during DataNode startup > - > > Key: HDFS-12696 > URL: https://issues.apache.org/jira/browse/HDFS-12696 > Project: Hadoop HDFS > Issue Type: Improvement > Components: datanode >Reporter: Nandakumar >Assignee: Nandakumar >Priority: Minor > Attachments: HDFS-12696.000.patch > > > As part of Datanode startup, {{BlockPoolManager#startAll}} which starts all > {{BPServiceActor}} threads is called twice. > First in {{Datanode}} constructor, {{Datanode#startDataNode}} is called which > does {{BlockPoolManager#refreshNamenodes}} inside which we do {{startAll}} > And as part of {{Datanode#runDatanodeDaemon}} we again call > {{BlockPoolManager#startAll}}. > Since {{BPServiceActor}} checks if {{bpThread}} is already running, before > starting them again, the second call is ignored. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-17362) RBF: Implement RouterObserverReadConfiguredFailoverProxyProvider
[ https://issues.apache.org/jira/browse/HDFS-17362?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Takanobu Asanuma updated HDFS-17362: Fix Version/s: 3.4.1 3.5.0 Resolution: Fixed Status: Resolved (was: Patch Available) > RBF: Implement RouterObserverReadConfiguredFailoverProxyProvider > > > Key: HDFS-17362 > URL: https://issues.apache.org/jira/browse/HDFS-17362 > Project: Hadoop HDFS > Issue Type: Task >Reporter: Takanobu Asanuma >Assignee: Takanobu Asanuma >Priority: Major > Labels: pull-request-available > Fix For: 3.4.1, 3.5.0 > > > Currently, RouterObserverReadProxyProvider is using IPFailoverProxyProvider, > while ObserverReadProxyProvider is using ConfiguredFailoverProxyProvider. If > we are to align RouterObserverReadProxyProvider with > ObserverReadProxyProvider, RouterObserverReadProxyProvider should internally > use ConfiguredFailoverProxyProvider. Moreover, IPFailoverProxyProvider has > an issue with resolving HA configurations. (For example, > IPFailoverProxyProvider cannot resolve hdfs://router-service.) -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-17362) RBF: Implement RouterObserverReadConfiguredFailoverProxyProvider
[ https://issues.apache.org/jira/browse/HDFS-17362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816846#comment-17816846 ] ASF GitHub Bot commented on HDFS-17362: --- tasanuma commented on PR #6510: URL: https://github.com/apache/hadoop/pull/6510#issuecomment-1940175968 Merged. Thank you all. > RBF: Implement RouterObserverReadConfiguredFailoverProxyProvider > > > Key: HDFS-17362 > URL: https://issues.apache.org/jira/browse/HDFS-17362 > Project: Hadoop HDFS > Issue Type: Task >Reporter: Takanobu Asanuma >Assignee: Takanobu Asanuma >Priority: Major > Labels: pull-request-available > > Currently, RouterObserverReadProxyProvider is using IPFailoverProxyProvider, > while ObserverReadProxyProvider is using ConfiguredFailoverProxyProvider. If > we are to align RouterObserverReadProxyProvider with > ObserverReadProxyProvider, RouterObserverReadProxyProvider should internally > use ConfiguredFailoverProxyProvider. Moreover, IPFailoverProxyProvider has > an issue with resolving HA configurations. (For example, > IPFailoverProxyProvider cannot resolve hdfs://router-service.) -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-17362) RBF: Implement RouterObserverReadConfiguredFailoverProxyProvider
[ https://issues.apache.org/jira/browse/HDFS-17362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816845#comment-17816845 ] ASF GitHub Bot commented on HDFS-17362: --- tasanuma merged PR #6510: URL: https://github.com/apache/hadoop/pull/6510 > RBF: Implement RouterObserverReadConfiguredFailoverProxyProvider > > > Key: HDFS-17362 > URL: https://issues.apache.org/jira/browse/HDFS-17362 > Project: Hadoop HDFS > Issue Type: Task >Reporter: Takanobu Asanuma >Assignee: Takanobu Asanuma >Priority: Major > Labels: pull-request-available > > Currently, RouterObserverReadProxyProvider is using IPFailoverProxyProvider, > while ObserverReadProxyProvider is using ConfiguredFailoverProxyProvider. If > we are to align RouterObserverReadProxyProvider with > ObserverReadProxyProvider, RouterObserverReadProxyProvider should internally > use ConfiguredFailoverProxyProvider. Moreover, IPFailoverProxyProvider has > an issue with resolving HA configurations. (For example, > IPFailoverProxyProvider cannot resolve hdfs://router-service.) -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-17372) CommandProcessingThread#queue should use LinkedBlockingDeque to prevent high priority command blocked by low priority command
[ https://issues.apache.org/jira/browse/HDFS-17372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816839#comment-17816839 ] ASF GitHub Bot commented on HDFS-17372: --- hfutatzhanghb commented on PR #6530: URL: https://github.com/apache/hadoop/pull/6530#issuecomment-1939988318 > DatanodeManager#handleHeartbeat Hi, sir. I have some doubts that what should we do if we add new CMD type here? The access key update cmd will not be the last two in array. > CommandProcessingThread#queue should use LinkedBlockingDeque to prevent high > priority command blocked by low priority command > - > > Key: HDFS-17372 > URL: https://issues.apache.org/jira/browse/HDFS-17372 > Project: Hadoop HDFS > Issue Type: Improvement >Reporter: farmmamba >Assignee: farmmamba >Priority: Major > Labels: pull-request-available > -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-17377) Long Standing High Risk CVE in Hadoop
[ https://issues.apache.org/jira/browse/HDFS-17377?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816629#comment-17816629 ] Prathap Sagar S commented on HDFS-17377: [~ste...@apache.org] Can you point me to where the protobuf dependency is coming from in the hbase timeline server. I will have a look into it. > Long Standing High Risk CVE in Hadoop > - > > Key: HDFS-17377 > URL: https://issues.apache.org/jira/browse/HDFS-17377 > Project: Hadoop HDFS > Issue Type: Improvement >Affects Versions: 3.4.0 >Reporter: Prathap Sagar S >Priority: Major > Attachments: HADOOP_CVE_LIST.xlsx > > > Our ongoing security scans are turning up several long-standing CVEs, even in > the most recent version of Hadoop, which is making it difficult for us to use > Hadoop in our echo system. A comprehensive list of all the long-standing CVEs > and the JARs holding them is attached. I'm asking for community assistance to > address these high-risk vulnerabilities as soon as possible. > > |Vulnerability ID|Severity|Package name|Package version|Package type|Package > path|Package suggested fix| > |CVE-2023-2976|High|com.google.guava:guava|30.1.1-jre|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-guava-1.1.1.jar|v32.0.0-android| > |CVE-2023-2976|High|com.google.guava:guava|30.1.1-jre|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v32.0.0-android| > |CVE-2023-2976|High|com.google.guava:guava|12.0.1|java|/hadoop-3.4.0/share/hadoop/yarn/timelineservice/lib/guava-12.0.1.jar|v32.0.0-android| > |CVE-2023-2976|High|com.google.guava:guava|27.0-jre|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/guava-27.0-jre.jar|v32.0.0-android| > |CVE-2023-2976|High|com.google.guava:guava|27.0-jre|java|/hadoop-3.4.0/share/hadoop/common/lib/guava-27.0-jre.jar|v32.0.0-android| > |CVE-2023-2976|High|com.google.guava:guava|30.1.1-jre|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/hadoop-shaded-guava-1.1.1.jar|v32.0.0-android| > |CVE-2022-25647|High|com.google.code.gson:gson|2.8.5|java|/hadoop-3.4.0/share/hadoop/yarn/timelineservice/lib/hbase-shaded-gson-3.0.0.jar|v2.8.9| > |CVE-2022-3171|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v3.16.3| > |CVE-2022-3171|High|com.google.protobuf:protobuf-java|2.5.0|java|/hadoop-3.4.0/share/hadoop/yarn/lib/protobuf-java-2.5.0.jar|v3.16.3| > |CVE-2022-3171|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-guava-1.1.1.jar|v3.16.3| > |CVE-2022-3171|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3| > |CVE-2022-3509|High|com.google.protobuf:protobuf-java|2.5.0|java|/hadoop-3.4.0/share/hadoop/yarn/lib/protobuf-java-2.5.0.jar|v3.16.3| > |CVE-2022-3509|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v3.16.3| > |CVE-2022-3509|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3| > |CVE-2022-3509|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3| > |CVE-2022-3510|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3| > |CVE-2022-3510|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3| > |CVE-2022-3510|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v3.16.3| > |CVE-2022-3510|High|com.google.protobuf:protobuf-java|2.5.0|java|/hadoop-3.4.0/share/hadoop/yarn/lib/protobuf-java-2.5.0.jar|v3.16.3| > |CVE-2023-39410|High|org.apache.avro:avro|1.9.2|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/avro-1.9.2.jar|v1.11.3| > |CVE-2023-39410|High|org.apache.avro:avro|1.9.2|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v1.11.3| > |CVE-2023-39410|High|org.apache.avro:avro|1.9.2|java|/hadoop-3.4.0/share/hadoop/common/lib/avro-1.9.2.jar|v1.11.3| > |CVE-2021-22570|Medium|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v3.16.3| > |CVE-2021-22570|Medium|com.google.protobuf:protobuf-java|2.5.0|java|/hadoop-3.4.0/share/hadoop/yarn/lib/protobuf-java-2.5.0.jar|v3.16.3| > |CVE-2021-22570|Medium|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3| >
[jira] [Commented] (HDFS-17377) Long Standing High Risk CVE in Hadoop
[ https://issues.apache.org/jira/browse/HDFS-17377?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816588#comment-17816588 ] Steve Loughran commented on HDFS-17377: --- [~prathapsagars] thank you very much for doing this against 3.4.0. we've actually just done a release of the hadoop-third-party jar for the forthcoming 3.4.0 RC2 (this week!), with a goal of a future backport to 3.3.9. it's list of artifacts is https://github.com/apache/hadoop-thirdparty/blob/trunk/LICENSE-binary#L205 {code} com.google.guava:guava:jar:32.0.1-jre com.google.j2objc:j2objc-annotations:1.3 com.google.errorprone:error_prone_annotations:2.5.1 org.apache.avro:avro:1.11.3 com.google.protobuf:protobuf-java:3.21.12 org.checkerframework:checker-qual:jar:3.8.0 {code} Regarding others, this is an eternal source of pain; i've tried to document it before: https://steveloughran.blogspot.com/2022/08/transitive-issues.html we have (especially pjfanning has, to give credit) put a lot of effort to try and upgrade things without breaking downstream applications. We've had to do things with reflection, build our own releases of dependencies to move off jackson 1.x and more. I also think I'd never to want to use Guava in a project ever again. We've actually been re-implenting bits of it (Preconditions, sets) or wrapping it (rate limiting) to isolate it better. {code} ./share/hadoop/tools/lib/wildfly-openssl-1.1.3.Final.jar ./share/hadoop/tools/lib/kafka-clients-2.8.2.jar ./share/hadoop/tools/lib/ini4j-0.5.4.jar ./share/hadoop/tools/lib/aliyun-java-sdk-kms-2.11.0.jar ./share/hadoop/tools/lib/aliyun-sdk-oss-3.13.2.jar ./share/hadoop/tools/lib/opentracing-api-0.33.0.jar ./share/hadoop/tools/lib/hadoop-federation-balance-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/hadoop-minicluster-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/azure-data-lake-store-sdk-2.3.9.jar ./share/hadoop/tools/lib/jdk.tools-1.8.jar ./share/hadoop/tools/lib/hadoop-rumen-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/hadoop-datajoin-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/aliyun-java-sdk-ram-3.1.0.jar ./share/hadoop/tools/lib/hadoop-dynamometer-blockgen-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/azure-keyvault-core-1.0.0.jar ./share/hadoop/tools/lib/junit-4.13.2.jar ./share/hadoop/tools/lib/hadoop-sls-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/hadoop-resourceestimator-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/opentracing-noop-0.33.0.jar ./share/hadoop/tools/lib/hadoop-archive-logs-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/org.jacoco.agent-0.8.5-runtime.jar ./share/hadoop/tools/lib/hadoop-fs2img-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/hadoop-gridmix-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/lz4-java-1.7.1.jar ./share/hadoop/tools/lib/hadoop-distcp-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/hadoop-azure-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/hadoop-dynamometer-infra-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/hadoop-archives-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/azure-storage-7.0.1.jar ./share/hadoop/tools/lib/hamcrest-core-1.3.jar ./share/hadoop/tools/lib/bundle-2.23.19.jar ./share/hadoop/tools/lib/hadoop-streaming-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/hadoop-azure-datalake-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/hadoop-client-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/opentracing-util-0.33.0.jar ./share/hadoop/tools/lib/hadoop-kafka-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/aliyun-java-sdk-core-4.5.10.jar ./share/hadoop/tools/lib/hadoop-aliyun-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/zstd-jni-1.4.9-1.jar ./share/hadoop/tools/lib/jdom2-2.0.6.1.jar ./share/hadoop/tools/lib/ojalgo-43.0.jar ./share/hadoop/tools/lib/hadoop-extras-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/hadoop-aws-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/lib/hadoop-dynamometer-workload-3.4.1-SNAPSHOT.jar ./share/hadoop/tools/sources/hadoop-extras-3.4.1-SNAPSHOT-test-sources.jar ./share/hadoop/tools/sources/hadoop-federation-balance-3.4.1-SNAPSHOT-test-sources.jar ./share/hadoop/tools/sources/hadoop-streaming-3.4.1-SNAPSHOT-sources.jar ./share/hadoop/tools/sources/hadoop-archives-3.4.1-SNAPSHOT-sources.jar ./share/hadoop/tools/sources/hadoop-distcp-3.4.1-SNAPSHOT-test-sources.jar ./share/hadoop/tools/sources/hadoop-streaming-3.4.1-SNAPSHOT-test-sources.jar ./share/hadoop/tools/sources/hadoop-distcp-3.4.1-SNAPSHOT-sources.jar ./share/hadoop/tools/sources/hadoop-dynamometer-infra-3.4.1-SNAPSHOT-test-sources.jar ./share/hadoop/tools/sources/hadoop-dynamometer-workload-3.4.1-SNAPSHOT-test-sources.jar ./share/hadoop/tools/sources/hadoop-rumen-3.4.1-SNAPSHOT-sources.jar ./share/hadoop/tools/sources/hadoop-sls-3.4.1-SNAPSHOT-sources.jar ./share/hadoop/tools/sources/hadoop-rumen-3.4.1-SNAPSHOT-test-sources.jar ./share/hadoop/tools/sources/hadoop-dynamometer-blockgen-3.4.1-SNAPSHOT-test-sources.jar ./share/hadoop/tools/sources/hadoop-gridmix-3.4.1-SNAPSHOT-test-sources.jar
[jira] [Commented] (HDFS-17377) Long Standing High Risk CVE in Hadoop
[ https://issues.apache.org/jira/browse/HDFS-17377?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816577#comment-17816577 ] Steve Loughran commented on HDFS-17377: --- how is protobuf 2.5 getting in to yarn? i thought I'd purged that. maybe it is coming in through the hbase timeline server > Long Standing High Risk CVE in Hadoop > - > > Key: HDFS-17377 > URL: https://issues.apache.org/jira/browse/HDFS-17377 > Project: Hadoop HDFS > Issue Type: Improvement >Affects Versions: 3.4.0 >Reporter: Prathap Sagar S >Priority: Major > Attachments: HADOOP_CVE_LIST.xlsx > > > Our ongoing security scans are turning up several long-standing CVEs, even in > the most recent version of Hadoop, which is making it difficult for us to use > Hadoop in our echo system. A comprehensive list of all the long-standing CVEs > and the JARs holding them is attached. I'm asking for community assistance to > address these high-risk vulnerabilities as soon as possible. > > |Vulnerability ID|Severity|Package name|Package version|Package type|Package > path|Package suggested fix| > |CVE-2023-2976|High|com.google.guava:guava|30.1.1-jre|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-guava-1.1.1.jar|v32.0.0-android| > |CVE-2023-2976|High|com.google.guava:guava|30.1.1-jre|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v32.0.0-android| > |CVE-2023-2976|High|com.google.guava:guava|12.0.1|java|/hadoop-3.4.0/share/hadoop/yarn/timelineservice/lib/guava-12.0.1.jar|v32.0.0-android| > |CVE-2023-2976|High|com.google.guava:guava|27.0-jre|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/guava-27.0-jre.jar|v32.0.0-android| > |CVE-2023-2976|High|com.google.guava:guava|27.0-jre|java|/hadoop-3.4.0/share/hadoop/common/lib/guava-27.0-jre.jar|v32.0.0-android| > |CVE-2023-2976|High|com.google.guava:guava|30.1.1-jre|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/hadoop-shaded-guava-1.1.1.jar|v32.0.0-android| > |CVE-2022-25647|High|com.google.code.gson:gson|2.8.5|java|/hadoop-3.4.0/share/hadoop/yarn/timelineservice/lib/hbase-shaded-gson-3.0.0.jar|v2.8.9| > |CVE-2022-3171|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v3.16.3| > |CVE-2022-3171|High|com.google.protobuf:protobuf-java|2.5.0|java|/hadoop-3.4.0/share/hadoop/yarn/lib/protobuf-java-2.5.0.jar|v3.16.3| > |CVE-2022-3171|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-guava-1.1.1.jar|v3.16.3| > |CVE-2022-3171|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3| > |CVE-2022-3509|High|com.google.protobuf:protobuf-java|2.5.0|java|/hadoop-3.4.0/share/hadoop/yarn/lib/protobuf-java-2.5.0.jar|v3.16.3| > |CVE-2022-3509|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v3.16.3| > |CVE-2022-3509|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3| > |CVE-2022-3509|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3| > |CVE-2022-3510|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3| > |CVE-2022-3510|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3| > |CVE-2022-3510|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v3.16.3| > |CVE-2022-3510|High|com.google.protobuf:protobuf-java|2.5.0|java|/hadoop-3.4.0/share/hadoop/yarn/lib/protobuf-java-2.5.0.jar|v3.16.3| > |CVE-2023-39410|High|org.apache.avro:avro|1.9.2|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/avro-1.9.2.jar|v1.11.3| > |CVE-2023-39410|High|org.apache.avro:avro|1.9.2|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v1.11.3| > |CVE-2023-39410|High|org.apache.avro:avro|1.9.2|java|/hadoop-3.4.0/share/hadoop/common/lib/avro-1.9.2.jar|v1.11.3| > |CVE-2021-22570|Medium|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v3.16.3| > |CVE-2021-22570|Medium|com.google.protobuf:protobuf-java|2.5.0|java|/hadoop-3.4.0/share/hadoop/yarn/lib/protobuf-java-2.5.0.jar|v3.16.3| > |CVE-2021-22570|Medium|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3| > |CVE-2021-22570|Medium|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3| >