Thanks for the super helpful response Ayush. That gave me all the answers I
needed.
Dan
On Fri, Dec 15, 2023 at 11:06 AM Ayush Saxena wrote:
> Hi Dan,
> We usually get a new thirdparty release before the main hadoop
> release, so the newer commits part of hadoop-thirdparty would most
> probably
Hi Dan,
We usually get a new thirdparty release before the main hadoop
release, so the newer commits part of hadoop-thirdparty would most
probably be released and would be part of the next 3.4.0 or 3.3.x
release, supposedly to happen in early of next year.
Regarding the guava stuff, we use the sha
Hello Hadoop Devs--
I have a question about the hadoop-thirdparty repository.
Recent commits have addressed a couple CVEs for packages used in
hadoop-thirdparty. CVE-2023-39410 for avro was addressed by
https://github.com/apache/hadoop-thirdparty/commit/910f2c9 and
CVE-2023-2976 for guava was add
