date:20240212

[jira] [Updated] (HDFS-12696) BlockPoolManager#startAll is called twice during DataNode startup

2024-02-12 Thread Nandakumar (Jira)



 [ 
https://issues.apache.org/jira/browse/HDFS-12696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nandakumar updated HDFS-12696:
--
Resolution: Duplicate
Status: Resolved  (was: Patch Available)

> BlockPoolManager#startAll is called twice during DataNode startup
> -
>
> Key: HDFS-12696
> URL: https://issues.apache.org/jira/browse/HDFS-12696
> Project: Hadoop HDFS
>  Issue Type: Improvement
>  Components: datanode
>Reporter: Nandakumar
>Assignee: Nandakumar
>Priority: Minor
> Attachments: HDFS-12696.000.patch
>
>
> As part of Datanode startup, {{BlockPoolManager#startAll}} which starts all 
> {{BPServiceActor}} threads is called twice.
> First in {{Datanode}} constructor, {{Datanode#startDataNode}} is called which 
> does {{BlockPoolManager#refreshNamenodes}} inside which we do {{startAll}}
> And as part of {{Datanode#runDatanodeDaemon}} we again call 
> {{BlockPoolManager#startAll}}.
> Since {{BPServiceActor}} checks if {{bpThread}} is already running, before 
> starting them again, the second call is ignored.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

[jira] [Updated] (HDFS-17362) RBF: Implement RouterObserverReadConfiguredFailoverProxyProvider

2024-02-12 Thread Takanobu Asanuma (Jira)



 [ 
https://issues.apache.org/jira/browse/HDFS-17362?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Takanobu Asanuma updated HDFS-17362:

Fix Version/s: 3.4.1
   3.5.0
   Resolution: Fixed
   Status: Resolved  (was: Patch Available)

> RBF: Implement RouterObserverReadConfiguredFailoverProxyProvider
> 
>
> Key: HDFS-17362
> URL: https://issues.apache.org/jira/browse/HDFS-17362
> Project: Hadoop HDFS
>  Issue Type: Task
>Reporter: Takanobu Asanuma
>Assignee: Takanobu Asanuma
>Priority: Major
>  Labels: pull-request-available
> Fix For: 3.4.1, 3.5.0
>
>
> Currently, RouterObserverReadProxyProvider is using IPFailoverProxyProvider, 
> while ObserverReadProxyProvider is using ConfiguredFailoverProxyProvider.  If 
> we are to align RouterObserverReadProxyProvider with 
> ObserverReadProxyProvider, RouterObserverReadProxyProvider should internally 
> use ConfiguredFailoverProxyProvider.  Moreover, IPFailoverProxyProvider has 
> an issue with resolving HA configurations. (For example, 
> IPFailoverProxyProvider cannot resolve hdfs://router-service.)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

[jira] [Commented] (HDFS-17362) RBF: Implement RouterObserverReadConfiguredFailoverProxyProvider

2024-02-12 Thread ASF GitHub Bot (Jira)



[ 
https://issues.apache.org/jira/browse/HDFS-17362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816846#comment-17816846
 ] 

ASF GitHub Bot commented on HDFS-17362:
---

tasanuma commented on PR #6510:
URL: https://github.com/apache/hadoop/pull/6510#issuecomment-1940175968

   Merged. Thank you all.




> RBF: Implement RouterObserverReadConfiguredFailoverProxyProvider
> 
>
> Key: HDFS-17362
> URL: https://issues.apache.org/jira/browse/HDFS-17362
> Project: Hadoop HDFS
>  Issue Type: Task
>Reporter: Takanobu Asanuma
>Assignee: Takanobu Asanuma
>Priority: Major
>  Labels: pull-request-available
>
> Currently, RouterObserverReadProxyProvider is using IPFailoverProxyProvider, 
> while ObserverReadProxyProvider is using ConfiguredFailoverProxyProvider.  If 
> we are to align RouterObserverReadProxyProvider with 
> ObserverReadProxyProvider, RouterObserverReadProxyProvider should internally 
> use ConfiguredFailoverProxyProvider.  Moreover, IPFailoverProxyProvider has 
> an issue with resolving HA configurations. (For example, 
> IPFailoverProxyProvider cannot resolve hdfs://router-service.)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

[jira] [Commented] (HDFS-17362) RBF: Implement RouterObserverReadConfiguredFailoverProxyProvider

2024-02-12 Thread ASF GitHub Bot (Jira)



[ 
https://issues.apache.org/jira/browse/HDFS-17362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816845#comment-17816845
 ] 

ASF GitHub Bot commented on HDFS-17362:
---

tasanuma merged PR #6510:
URL: https://github.com/apache/hadoop/pull/6510




> RBF: Implement RouterObserverReadConfiguredFailoverProxyProvider
> 
>
> Key: HDFS-17362
> URL: https://issues.apache.org/jira/browse/HDFS-17362
> Project: Hadoop HDFS
>  Issue Type: Task
>Reporter: Takanobu Asanuma
>Assignee: Takanobu Asanuma
>Priority: Major
>  Labels: pull-request-available
>
> Currently, RouterObserverReadProxyProvider is using IPFailoverProxyProvider, 
> while ObserverReadProxyProvider is using ConfiguredFailoverProxyProvider.  If 
> we are to align RouterObserverReadProxyProvider with 
> ObserverReadProxyProvider, RouterObserverReadProxyProvider should internally 
> use ConfiguredFailoverProxyProvider.  Moreover, IPFailoverProxyProvider has 
> an issue with resolving HA configurations. (For example, 
> IPFailoverProxyProvider cannot resolve hdfs://router-service.)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

[jira] [Commented] (HDFS-17372) CommandProcessingThread#queue should use LinkedBlockingDeque to prevent high priority command blocked by low priority command

2024-02-12 Thread ASF GitHub Bot (Jira)



[ 
https://issues.apache.org/jira/browse/HDFS-17372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816839#comment-17816839
 ] 

ASF GitHub Bot commented on HDFS-17372:
---

hfutatzhanghb commented on PR #6530:
URL: https://github.com/apache/hadoop/pull/6530#issuecomment-1939988318

   > DatanodeManager#handleHeartbeat
   
   Hi, sir. I have some doubts that what should we do if we add new CMD type 
here?  The access key update cmd will not be the last two in array.




> CommandProcessingThread#queue should use LinkedBlockingDeque to prevent high 
> priority command blocked by low priority command
> -
>
> Key: HDFS-17372
> URL: https://issues.apache.org/jira/browse/HDFS-17372
> Project: Hadoop HDFS
>  Issue Type: Improvement
>Reporter: farmmamba
>Assignee: farmmamba
>Priority: Major
>  Labels: pull-request-available
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

[jira] [Commented] (HDFS-17377) Long Standing High Risk CVE in Hadoop

2024-02-12 Thread Prathap Sagar S (Jira)



[ 
https://issues.apache.org/jira/browse/HDFS-17377?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816629#comment-17816629
 ] 

Prathap Sagar S commented on HDFS-17377:


[~ste...@apache.org] Can you point me to where the protobuf dependency is 
coming from in the hbase timeline server. I will have a look into it. 

> Long Standing High Risk CVE in Hadoop
> -
>
> Key: HDFS-17377
> URL: https://issues.apache.org/jira/browse/HDFS-17377
> Project: Hadoop HDFS
>  Issue Type: Improvement
>Affects Versions: 3.4.0
>Reporter: Prathap Sagar S
>Priority: Major
> Attachments: HADOOP_CVE_LIST.xlsx
>
>
> Our ongoing security scans are turning up several long-standing CVEs, even in 
> the most recent version of Hadoop, which is making it difficult for us to use 
> Hadoop in our echo system. A comprehensive list of all the long-standing CVEs 
> and the JARs holding them is attached. I'm asking for community assistance to 
> address these high-risk vulnerabilities as soon as possible.
>  
> |Vulnerability ID|Severity|Package name|Package version|Package type|Package 
> path|Package suggested fix|
> |CVE-2023-2976|High|com.google.guava:guava|30.1.1-jre|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-guava-1.1.1.jar|v32.0.0-android|
> |CVE-2023-2976|High|com.google.guava:guava|30.1.1-jre|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v32.0.0-android|
> |CVE-2023-2976|High|com.google.guava:guava|12.0.1|java|/hadoop-3.4.0/share/hadoop/yarn/timelineservice/lib/guava-12.0.1.jar|v32.0.0-android|
> |CVE-2023-2976|High|com.google.guava:guava|27.0-jre|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/guava-27.0-jre.jar|v32.0.0-android|
> |CVE-2023-2976|High|com.google.guava:guava|27.0-jre|java|/hadoop-3.4.0/share/hadoop/common/lib/guava-27.0-jre.jar|v32.0.0-android|
> |CVE-2023-2976|High|com.google.guava:guava|30.1.1-jre|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/hadoop-shaded-guava-1.1.1.jar|v32.0.0-android|
> |CVE-2022-25647|High|com.google.code.gson:gson|2.8.5|java|/hadoop-3.4.0/share/hadoop/yarn/timelineservice/lib/hbase-shaded-gson-3.0.0.jar|v2.8.9|
> |CVE-2022-3171|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v3.16.3|
> |CVE-2022-3171|High|com.google.protobuf:protobuf-java|2.5.0|java|/hadoop-3.4.0/share/hadoop/yarn/lib/protobuf-java-2.5.0.jar|v3.16.3|
> |CVE-2022-3171|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-guava-1.1.1.jar|v3.16.3|
> |CVE-2022-3171|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3|
> |CVE-2022-3509|High|com.google.protobuf:protobuf-java|2.5.0|java|/hadoop-3.4.0/share/hadoop/yarn/lib/protobuf-java-2.5.0.jar|v3.16.3|
> |CVE-2022-3509|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v3.16.3|
> |CVE-2022-3509|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3|
> |CVE-2022-3509|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3|
> |CVE-2022-3510|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3|
> |CVE-2022-3510|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3|
> |CVE-2022-3510|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v3.16.3|
> |CVE-2022-3510|High|com.google.protobuf:protobuf-java|2.5.0|java|/hadoop-3.4.0/share/hadoop/yarn/lib/protobuf-java-2.5.0.jar|v3.16.3|
> |CVE-2023-39410|High|org.apache.avro:avro|1.9.2|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/avro-1.9.2.jar|v1.11.3|
> |CVE-2023-39410|High|org.apache.avro:avro|1.9.2|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v1.11.3|
> |CVE-2023-39410|High|org.apache.avro:avro|1.9.2|java|/hadoop-3.4.0/share/hadoop/common/lib/avro-1.9.2.jar|v1.11.3|
> |CVE-2021-22570|Medium|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v3.16.3|
> |CVE-2021-22570|Medium|com.google.protobuf:protobuf-java|2.5.0|java|/hadoop-3.4.0/share/hadoop/yarn/lib/protobuf-java-2.5.0.jar|v3.16.3|
> |CVE-2021-22570|Medium|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3|
>

[jira] [Commented] (HDFS-17377) Long Standing High Risk CVE in Hadoop

2024-02-12 Thread Steve Loughran (Jira)



[ 
https://issues.apache.org/jira/browse/HDFS-17377?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816588#comment-17816588
 ] 

Steve Loughran commented on HDFS-17377:
---

[~prathapsagars] thank you very much for doing this against 3.4.0. we've 
actually just done a release of the hadoop-third-party jar for the forthcoming 
3.4.0 RC2 (this week!), with a goal of a future backport to 3.3.9.
it's list of artifacts is
https://github.com/apache/hadoop-thirdparty/blob/trunk/LICENSE-binary#L205

{code}
com.google.guava:guava:jar:32.0.1-jre
com.google.j2objc:j2objc-annotations:1.3
com.google.errorprone:error_prone_annotations:2.5.1
org.apache.avro:avro:1.11.3
com.google.protobuf:protobuf-java:3.21.12
org.checkerframework:checker-qual:jar:3.8.0
{code}

Regarding others, this is an eternal source of pain; i've tried to document it 
before: https://steveloughran.blogspot.com/2022/08/transitive-issues.html

we have (especially pjfanning has, to give credit) put a lot of effort to try 
and upgrade things without breaking downstream applications. We've had to do 
things with reflection, build our own releases of dependencies to move off 
jackson 1.x and more. I also think I'd never to want to use Guava in a project 
ever again. We've actually been re-implenting bits of it (Preconditions, sets) 
or wrapping it (rate limiting) to isolate it better.


{code}
./share/hadoop/tools/lib/wildfly-openssl-1.1.3.Final.jar
./share/hadoop/tools/lib/kafka-clients-2.8.2.jar
./share/hadoop/tools/lib/ini4j-0.5.4.jar
./share/hadoop/tools/lib/aliyun-java-sdk-kms-2.11.0.jar
./share/hadoop/tools/lib/aliyun-sdk-oss-3.13.2.jar
./share/hadoop/tools/lib/opentracing-api-0.33.0.jar
./share/hadoop/tools/lib/hadoop-federation-balance-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/hadoop-minicluster-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/azure-data-lake-store-sdk-2.3.9.jar
./share/hadoop/tools/lib/jdk.tools-1.8.jar
./share/hadoop/tools/lib/hadoop-rumen-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/hadoop-datajoin-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/aliyun-java-sdk-ram-3.1.0.jar
./share/hadoop/tools/lib/hadoop-dynamometer-blockgen-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/azure-keyvault-core-1.0.0.jar
./share/hadoop/tools/lib/junit-4.13.2.jar
./share/hadoop/tools/lib/hadoop-sls-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/hadoop-resourceestimator-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/opentracing-noop-0.33.0.jar
./share/hadoop/tools/lib/hadoop-archive-logs-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/org.jacoco.agent-0.8.5-runtime.jar
./share/hadoop/tools/lib/hadoop-fs2img-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/hadoop-gridmix-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/lz4-java-1.7.1.jar
./share/hadoop/tools/lib/hadoop-distcp-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/hadoop-azure-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/hadoop-dynamometer-infra-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/hadoop-archives-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/azure-storage-7.0.1.jar
./share/hadoop/tools/lib/hamcrest-core-1.3.jar
./share/hadoop/tools/lib/bundle-2.23.19.jar
./share/hadoop/tools/lib/hadoop-streaming-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/hadoop-azure-datalake-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/hadoop-client-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/opentracing-util-0.33.0.jar
./share/hadoop/tools/lib/hadoop-kafka-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/aliyun-java-sdk-core-4.5.10.jar
./share/hadoop/tools/lib/hadoop-aliyun-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/zstd-jni-1.4.9-1.jar
./share/hadoop/tools/lib/jdom2-2.0.6.1.jar
./share/hadoop/tools/lib/ojalgo-43.0.jar
./share/hadoop/tools/lib/hadoop-extras-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/hadoop-aws-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/lib/hadoop-dynamometer-workload-3.4.1-SNAPSHOT.jar
./share/hadoop/tools/sources/hadoop-extras-3.4.1-SNAPSHOT-test-sources.jar
./share/hadoop/tools/sources/hadoop-federation-balance-3.4.1-SNAPSHOT-test-sources.jar
./share/hadoop/tools/sources/hadoop-streaming-3.4.1-SNAPSHOT-sources.jar
./share/hadoop/tools/sources/hadoop-archives-3.4.1-SNAPSHOT-sources.jar
./share/hadoop/tools/sources/hadoop-distcp-3.4.1-SNAPSHOT-test-sources.jar
./share/hadoop/tools/sources/hadoop-streaming-3.4.1-SNAPSHOT-test-sources.jar
./share/hadoop/tools/sources/hadoop-distcp-3.4.1-SNAPSHOT-sources.jar
./share/hadoop/tools/sources/hadoop-dynamometer-infra-3.4.1-SNAPSHOT-test-sources.jar
./share/hadoop/tools/sources/hadoop-dynamometer-workload-3.4.1-SNAPSHOT-test-sources.jar
./share/hadoop/tools/sources/hadoop-rumen-3.4.1-SNAPSHOT-sources.jar
./share/hadoop/tools/sources/hadoop-sls-3.4.1-SNAPSHOT-sources.jar
./share/hadoop/tools/sources/hadoop-rumen-3.4.1-SNAPSHOT-test-sources.jar
./share/hadoop/tools/sources/hadoop-dynamometer-blockgen-3.4.1-SNAPSHOT-test-sources.jar
./share/hadoop/tools/sources/hadoop-gridmix-3.4.1-SNAPSHOT-test-sources.jar

[jira] [Commented] (HDFS-17377) Long Standing High Risk CVE in Hadoop

2024-02-12 Thread Steve Loughran (Jira)



[ 
https://issues.apache.org/jira/browse/HDFS-17377?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816577#comment-17816577
 ] 

Steve Loughran commented on HDFS-17377:
---

how is protobuf 2.5 getting in to yarn? i thought I'd purged that. maybe it is 
coming in through the hbase timeline server

> Long Standing High Risk CVE in Hadoop
> -
>
> Key: HDFS-17377
> URL: https://issues.apache.org/jira/browse/HDFS-17377
> Project: Hadoop HDFS
>  Issue Type: Improvement
>Affects Versions: 3.4.0
>Reporter: Prathap Sagar S
>Priority: Major
> Attachments: HADOOP_CVE_LIST.xlsx
>
>
> Our ongoing security scans are turning up several long-standing CVEs, even in 
> the most recent version of Hadoop, which is making it difficult for us to use 
> Hadoop in our echo system. A comprehensive list of all the long-standing CVEs 
> and the JARs holding them is attached. I'm asking for community assistance to 
> address these high-risk vulnerabilities as soon as possible.
>  
> |Vulnerability ID|Severity|Package name|Package version|Package type|Package 
> path|Package suggested fix|
> |CVE-2023-2976|High|com.google.guava:guava|30.1.1-jre|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-guava-1.1.1.jar|v32.0.0-android|
> |CVE-2023-2976|High|com.google.guava:guava|30.1.1-jre|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v32.0.0-android|
> |CVE-2023-2976|High|com.google.guava:guava|12.0.1|java|/hadoop-3.4.0/share/hadoop/yarn/timelineservice/lib/guava-12.0.1.jar|v32.0.0-android|
> |CVE-2023-2976|High|com.google.guava:guava|27.0-jre|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/guava-27.0-jre.jar|v32.0.0-android|
> |CVE-2023-2976|High|com.google.guava:guava|27.0-jre|java|/hadoop-3.4.0/share/hadoop/common/lib/guava-27.0-jre.jar|v32.0.0-android|
> |CVE-2023-2976|High|com.google.guava:guava|30.1.1-jre|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/hadoop-shaded-guava-1.1.1.jar|v32.0.0-android|
> |CVE-2022-25647|High|com.google.code.gson:gson|2.8.5|java|/hadoop-3.4.0/share/hadoop/yarn/timelineservice/lib/hbase-shaded-gson-3.0.0.jar|v2.8.9|
> |CVE-2022-3171|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v3.16.3|
> |CVE-2022-3171|High|com.google.protobuf:protobuf-java|2.5.0|java|/hadoop-3.4.0/share/hadoop/yarn/lib/protobuf-java-2.5.0.jar|v3.16.3|
> |CVE-2022-3171|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-guava-1.1.1.jar|v3.16.3|
> |CVE-2022-3171|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3|
> |CVE-2022-3509|High|com.google.protobuf:protobuf-java|2.5.0|java|/hadoop-3.4.0/share/hadoop/yarn/lib/protobuf-java-2.5.0.jar|v3.16.3|
> |CVE-2022-3509|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v3.16.3|
> |CVE-2022-3509|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3|
> |CVE-2022-3509|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3|
> |CVE-2022-3510|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3|
> |CVE-2022-3510|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3|
> |CVE-2022-3510|High|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v3.16.3|
> |CVE-2022-3510|High|com.google.protobuf:protobuf-java|2.5.0|java|/hadoop-3.4.0/share/hadoop/yarn/lib/protobuf-java-2.5.0.jar|v3.16.3|
> |CVE-2023-39410|High|org.apache.avro:avro|1.9.2|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/avro-1.9.2.jar|v1.11.3|
> |CVE-2023-39410|High|org.apache.avro:avro|1.9.2|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v1.11.3|
> |CVE-2023-39410|High|org.apache.avro:avro|1.9.2|java|/hadoop-3.4.0/share/hadoop/common/lib/avro-1.9.2.jar|v1.11.3|
> |CVE-2021-22570|Medium|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/client/hadoop-client-runtime-3.4.0-SNAPSHOT.jar|v3.16.3|
> |CVE-2021-22570|Medium|com.google.protobuf:protobuf-java|2.5.0|java|/hadoop-3.4.0/share/hadoop/yarn/lib/protobuf-java-2.5.0.jar|v3.16.3|
> |CVE-2021-22570|Medium|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/hdfs/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3|
> |CVE-2021-22570|Medium|com.google.protobuf:protobuf-java|3.7.1|java|/hadoop-3.4.0/share/hadoop/common/lib/hadoop-shaded-protobuf_3_7-1.1.1.jar|v3.16.3|
>

[jira] [Updated] (HDFS-12696) BlockPoolManager#startAll is called twice during DataNode startup

[jira] [Updated] (HDFS-17362) RBF: Implement RouterObserverReadConfiguredFailoverProxyProvider

[jira] [Commented] (HDFS-17362) RBF: Implement RouterObserverReadConfiguredFailoverProxyProvider

[jira] [Commented] (HDFS-17362) RBF: Implement RouterObserverReadConfiguredFailoverProxyProvider

[jira] [Commented] (HDFS-17372) CommandProcessingThread#queue should use LinkedBlockingDeque to prevent high priority command blocked by low priority command

[jira] [Commented] (HDFS-17377) Long Standing High Risk CVE in Hadoop

[jira] [Commented] (HDFS-17377) Long Standing High Risk CVE in Hadoop

[jira] [Commented] (HDFS-17377) Long Standing High Risk CVE in Hadoop

8 matches

Site Navigation

Mail list logo

Footer information