This is an automated email from the ASF dual-hosted git repository.
epugh pushed a commit to branch branch_9x
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/branch_9x by this push:
new cb340f0629e Update hadoop to 3.4.1 to resolve CVE (#3485)
cb340f0629e is described below
commit cb340f0629e7ccdc0fef33012104c949144cbc6d
Author: Eric Pugh <[email protected]>
AuthorDate: Tue Aug 19 08:36:04 2025 -0400
Update hadoop to 3.4.1 to resolve CVE (#3485)
Fixes CVE-2023-39410, CVE-2024-23454, CVE-2023-2976
---
solr/licenses/hadoop-annotations-3.4.0.jar.sha1 | 1 -
solr/licenses/hadoop-annotations-3.4.1.jar.sha1 | 1 +
solr/licenses/hadoop-auth-3.4.0.jar.sha1 | 1 -
solr/licenses/hadoop-auth-3.4.1.jar.sha1 | 1 +
solr/licenses/hadoop-client-api-3.4.0.jar.sha1 | 1 -
solr/licenses/hadoop-client-api-3.4.1.jar.sha1 | 1 +
solr/licenses/hadoop-client-minicluster-3.4.0.jar.sha1 | 1 -
solr/licenses/hadoop-client-minicluster-3.4.1.jar.sha1 | 1 +
solr/licenses/hadoop-client-runtime-3.4.0.jar.sha1 | 1 -
solr/licenses/hadoop-client-runtime-3.4.1.jar.sha1 | 1 +
solr/licenses/hadoop-common-3.4.0.jar.sha1 | 1 -
solr/licenses/hadoop-common-3.4.1.jar.sha1 | 1 +
solr/licenses/hadoop-hdfs-3.4.0-tests.jar.sha1 | 1 -
solr/licenses/hadoop-hdfs-3.4.0.jar.sha1 | 1 -
solr/licenses/hadoop-hdfs-3.4.1-tests.jar.sha1 | 1 +
solr/licenses/hadoop-hdfs-3.4.1.jar.sha1 | 1 +
solr/licenses/hadoop-minikdc-3.4.0.jar.sha1 | 1 -
solr/licenses/hadoop-minikdc-3.4.1.jar.sha1 | 1 +
versions.lock | 18 +++++++++---------
versions.props | 2 +-
20 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/solr/licenses/hadoop-annotations-3.4.0.jar.sha1
b/solr/licenses/hadoop-annotations-3.4.0.jar.sha1
deleted file mode 100644
index 44880116ccb..00000000000
--- a/solr/licenses/hadoop-annotations-3.4.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-612302e6e385d7e6a62bc0129dbc58689f8c7b2b
diff --git a/solr/licenses/hadoop-annotations-3.4.1.jar.sha1
b/solr/licenses/hadoop-annotations-3.4.1.jar.sha1
new file mode 100644
index 00000000000..445f82e494d
--- /dev/null
+++ b/solr/licenses/hadoop-annotations-3.4.1.jar.sha1
@@ -0,0 +1 @@
+f3deae4653e35daff2362089bc42a90398ed16b3
diff --git a/solr/licenses/hadoop-auth-3.4.0.jar.sha1
b/solr/licenses/hadoop-auth-3.4.0.jar.sha1
deleted file mode 100644
index 0933800fb77..00000000000
--- a/solr/licenses/hadoop-auth-3.4.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-6f5ab3a46b3d2734c0ae4d6338f0be3529efe083
diff --git a/solr/licenses/hadoop-auth-3.4.1.jar.sha1
b/solr/licenses/hadoop-auth-3.4.1.jar.sha1
new file mode 100644
index 00000000000..8ba0273187d
--- /dev/null
+++ b/solr/licenses/hadoop-auth-3.4.1.jar.sha1
@@ -0,0 +1 @@
+6f107159c412d30a190104a8f5dabec62f60b802
diff --git a/solr/licenses/hadoop-client-api-3.4.0.jar.sha1
b/solr/licenses/hadoop-client-api-3.4.0.jar.sha1
deleted file mode 100644
index 6f3d8ba0f89..00000000000
--- a/solr/licenses/hadoop-client-api-3.4.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-14b26fbacedff53bc10eebc1fddface4f1f655af
diff --git a/solr/licenses/hadoop-client-api-3.4.1.jar.sha1
b/solr/licenses/hadoop-client-api-3.4.1.jar.sha1
new file mode 100644
index 00000000000..cd31c20fd9d
--- /dev/null
+++ b/solr/licenses/hadoop-client-api-3.4.1.jar.sha1
@@ -0,0 +1 @@
+7e4cfae7f5c85cffdbc21fdf749262fc78d4463a
diff --git a/solr/licenses/hadoop-client-minicluster-3.4.0.jar.sha1
b/solr/licenses/hadoop-client-minicluster-3.4.0.jar.sha1
deleted file mode 100644
index 22656693fa1..00000000000
--- a/solr/licenses/hadoop-client-minicluster-3.4.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-a1af909b1cb220c0f81224b2241c4a0aa2860ee6
diff --git a/solr/licenses/hadoop-client-minicluster-3.4.1.jar.sha1
b/solr/licenses/hadoop-client-minicluster-3.4.1.jar.sha1
new file mode 100644
index 00000000000..7a4835d61f1
--- /dev/null
+++ b/solr/licenses/hadoop-client-minicluster-3.4.1.jar.sha1
@@ -0,0 +1 @@
+280b1307396459b61079e80c5fc67a5ff1738287
diff --git a/solr/licenses/hadoop-client-runtime-3.4.0.jar.sha1
b/solr/licenses/hadoop-client-runtime-3.4.0.jar.sha1
deleted file mode 100644
index 5b15d693af4..00000000000
--- a/solr/licenses/hadoop-client-runtime-3.4.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-de1ed42503ec64b84a91b330fdd2ed508b6f9df8
diff --git a/solr/licenses/hadoop-client-runtime-3.4.1.jar.sha1
b/solr/licenses/hadoop-client-runtime-3.4.1.jar.sha1
new file mode 100644
index 00000000000..b0664fb3f64
--- /dev/null
+++ b/solr/licenses/hadoop-client-runtime-3.4.1.jar.sha1
@@ -0,0 +1 @@
+30ec07ceccb224b2ef17af34fbb593bff3e9e071
diff --git a/solr/licenses/hadoop-common-3.4.0.jar.sha1
b/solr/licenses/hadoop-common-3.4.0.jar.sha1
deleted file mode 100644
index 00248c5160a..00000000000
--- a/solr/licenses/hadoop-common-3.4.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-2b4b1694b695b31cdd8e345b6b59fd74d43a26bc
diff --git a/solr/licenses/hadoop-common-3.4.1.jar.sha1
b/solr/licenses/hadoop-common-3.4.1.jar.sha1
new file mode 100644
index 00000000000..c3bb8dbc6d4
--- /dev/null
+++ b/solr/licenses/hadoop-common-3.4.1.jar.sha1
@@ -0,0 +1 @@
+9d88de42cb87e5e17d6be936ef4f16db88cbfd25
diff --git a/solr/licenses/hadoop-hdfs-3.4.0-tests.jar.sha1
b/solr/licenses/hadoop-hdfs-3.4.0-tests.jar.sha1
deleted file mode 100644
index ef9038e9433..00000000000
--- a/solr/licenses/hadoop-hdfs-3.4.0-tests.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-18f9797a908899efbe4e27f6d5b76420f446a695
diff --git a/solr/licenses/hadoop-hdfs-3.4.0.jar.sha1
b/solr/licenses/hadoop-hdfs-3.4.0.jar.sha1
deleted file mode 100644
index cf6f21b9017..00000000000
--- a/solr/licenses/hadoop-hdfs-3.4.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-d46983ccf965bffaeab8b67713aa9442c5b7d5bf
diff --git a/solr/licenses/hadoop-hdfs-3.4.1-tests.jar.sha1
b/solr/licenses/hadoop-hdfs-3.4.1-tests.jar.sha1
new file mode 100644
index 00000000000..0201eca650f
--- /dev/null
+++ b/solr/licenses/hadoop-hdfs-3.4.1-tests.jar.sha1
@@ -0,0 +1 @@
+51427168bee8abd03ebaa7695aac372c4567d41f
diff --git a/solr/licenses/hadoop-hdfs-3.4.1.jar.sha1
b/solr/licenses/hadoop-hdfs-3.4.1.jar.sha1
new file mode 100644
index 00000000000..807441d5969
--- /dev/null
+++ b/solr/licenses/hadoop-hdfs-3.4.1.jar.sha1
@@ -0,0 +1 @@
+8545078b39e33416cb70ccef1bb22f2c88fb6b6c
diff --git a/solr/licenses/hadoop-minikdc-3.4.0.jar.sha1
b/solr/licenses/hadoop-minikdc-3.4.0.jar.sha1
deleted file mode 100644
index 3bb86c66079..00000000000
--- a/solr/licenses/hadoop-minikdc-3.4.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-ec7c619e1deff5a9f2da0293fc9f5fcae66d159e
diff --git a/solr/licenses/hadoop-minikdc-3.4.1.jar.sha1
b/solr/licenses/hadoop-minikdc-3.4.1.jar.sha1
new file mode 100644
index 00000000000..f5fe7ed39a5
--- /dev/null
+++ b/solr/licenses/hadoop-minikdc-3.4.1.jar.sha1
@@ -0,0 +1 @@
+c850604be4a9ecc8616a7ebf8b8367ecb762e555
diff --git a/versions.lock b/versions.lock
index 9968a203fbb..3951f3da122 100644
--- a/versions.lock
+++ b/versions.lock
@@ -94,7 +94,7 @@ commons-cli:commons-cli:1.9.0 (2 constraints: a90fcab3)
commons-codec:commons-codec:1.17.1 (11 constraints: bb9590ef)
commons-collections:commons-collections:3.2.2 (3 constraints: 77242dac)
commons-digester:commons-digester:2.1 (1 constraints: 550fb664)
-commons-io:commons-io:2.17.0 (11 constraints: 33814afe)
+commons-io:commons-io:2.17.0 (11 constraints: 36814e01)
commons-validator:commons-validator:1.7 (1 constraints: a10a3dd2)
de.l3s.boilerpipe:boilerpipe:1.1.0 (1 constraints: 590ce401)
dev.ai4j:openai4j:0.22.0 (1 constraints: cf0ee778)
@@ -214,11 +214,11 @@ org.apache.commons:commons-text:1.12.0 (2 constraints:
651f97e5)
org.apache.curator:curator-client:5.7.0 (2 constraints: ec14cea3)
org.apache.curator:curator-framework:5.7.0 (2 constraints: 0914ad75)
org.apache.curator:curator-recipes:5.7.0 (1 constraints: 0e051936)
-org.apache.hadoop:hadoop-annotations:3.4.0 (1 constraints: 09050636)
-org.apache.hadoop:hadoop-auth:3.4.0 (1 constraints: 09050636)
-org.apache.hadoop:hadoop-client-api:3.4.0 (3 constraints: 16281b5e)
-org.apache.hadoop:hadoop-client-runtime:3.4.0 (2 constraints: 6517d242)
-org.apache.hadoop:hadoop-common:3.4.0 (1 constraints: 09050636)
+org.apache.hadoop:hadoop-annotations:3.4.1 (1 constraints: 0a050736)
+org.apache.hadoop:hadoop-auth:3.4.1 (1 constraints: 0a050736)
+org.apache.hadoop:hadoop-client-api:3.4.1 (3 constraints: 1928b25e)
+org.apache.hadoop:hadoop-client-runtime:3.4.1 (2 constraints: 67170843)
+org.apache.hadoop:hadoop-common:3.4.1 (1 constraints: 0a050736)
org.apache.hadoop.thirdparty:hadoop-shaded-guava:1.2.0 (1 constraints:
0505f635)
org.apache.httpcomponents:httpclient:4.5.14 (9 constraints: 62806342)
org.apache.httpcomponents:httpcore:4.4.16 (8 constraints: 286d4917)
@@ -472,9 +472,9 @@ net.bytebuddy:byte-buddy-agent:1.17.4 (1 constraints:
3f05423b)
net.minidev:accessors-smart:2.4.9 (1 constraints: 500a92b8)
net.minidev:json-smart:2.4.10 (1 constraints: 400e9a7c)
no.nav.security:mock-oauth2-server:0.5.10 (1 constraints: 3805333b)
-org.apache.hadoop:hadoop-client-minicluster:3.4.0 (1 constraints: 09050636)
-org.apache.hadoop:hadoop-hdfs:3.4.0 (1 constraints: 09050636)
-org.apache.hadoop:hadoop-minikdc:3.4.0 (1 constraints: 09050636)
+org.apache.hadoop:hadoop-client-minicluster:3.4.1 (1 constraints: 0a050736)
+org.apache.hadoop:hadoop-hdfs:3.4.1 (1 constraints: 0a050736)
+org.apache.hadoop:hadoop-minikdc:3.4.1 (1 constraints: 0a050736)
org.apache.kerby:kerb-admin:2.0.3 (1 constraints: 870d902f)
org.apache.kerby:kerb-client:2.0.3 (1 constraints: 870d902f)
org.apache.kerby:kerb-common:2.0.3 (3 constraints: df2506b3)
diff --git a/versions.props b/versions.props
index 0edff7c1b2e..ae5318796e2 100644
--- a/versions.props
+++ b/versions.props
@@ -45,7 +45,7 @@ org.apache.commons:commons-lang3=3.15.0
org.apache.commons:commons-math3=3.6.1
org.apache.curator:*=5.7.0
org.apache.hadoop.thirdparty:*=1.2.0
-org.apache.hadoop:*=3.4.0
+org.apache.hadoop:*=3.4.1
org.apache.httpcomponents:httpclient=4.5.14
org.apache.httpcomponents:httpcore=4.4.16
org.apache.httpcomponents:httpmime=4.5.14
