+1 (binding)

* Signature: ok
* Checksum: passed
* Rat check (1.8.0_191): passed
 - mvn clean apache-rat:check
* Built from source (1.8.0_191): failed
 - mvn clean install -DskipTests
 - mvn -fae --no-transfer-progress -DskipTests -Dmaven.javadoc.skip=true -Pnative -Drequire.openssl -Drequire.snappy -Drequire.valgrind -Drequire.zstd -Drequire.test.libhadoop clean install
* Unit tests pass (1.8.0_191):
 - HDFS Tests passed (Didn't run more than this).

Deployed a ten node ha hdfs cluster with three namenodes and five journalnodes. Ran a ten node hbase (older version of 2.5 branch built against 3.3.2) against it. Tried a small verification job. Good. Ran a bigger job with mild chaos. All seems to be working properly (recoveries, logs look fine). Killed a namenode. Failover worked promptly. UIs look good. Poked at the hdfs cli. Seems good.

S

On Tue, May 3, 2022 at 4:24 AM Steve Loughran <ste...@cloudera.com.invalid> wrote:

> I have put together a release candidate (rc0) for Hadoop 3.3.3
>
> The RC is available at:
> https://dist.apache.org/repos/dist/dev/hadoop/3.3.3-RC0/
>
> The git tag is release-3.3.3-RC0, commit d37586cbda3
>
> The maven artifacts are staged at
> https://repository.apache.org/content/repositories/orgapachehadoop-1348/
>
> You can find my public key at:
> https://dist.apache.org/repos/dist/release/hadoop/common/KEYS
>
> Change log
> https://dist.apache.org/repos/dist/dev/hadoop/3.3.3-RC0/CHANGELOG.md
>
> Release notes
> https://dist.apache.org/repos/dist/dev/hadoop/3.3.3-RC0/RELEASENOTES.md
>
> There's a very small number of changes, primarily critical code/packaging
> issues and security fixes.
>
>
> - The critical fixes which shipped in the 3.2.3 release.
> - CVEs in our code and dependencies
> - Shaded client packaging issues.
> - A switch from log4j to reload4j
>
>
> reload4j is an active fork of the log4j 1.17 library with the classes which
> contain CVEs removed. Even though hadoop never used those classes, they
> regularly raised alerts on security scans and concern from users. Switching
> to the forked project allows us to ship a secure logging framework. It will
> complicate the builds of downstream maven/ivy/gradle projects which exclude
> our log4j artifacts, as they need to cut the new dependency instead/as
> well.
>
> See the release notes for details.
>
> This is my first release through the new docker build process, do please
> validate artifact signing &c to make sure it is good. I'll be trying builds
> of downstream projects.
>
> We know there are some outstanding issues with at least one library we are
> shipping (okhttp), but I don't want to hold this release up for it. If the
> docker based release process works smoothly enough we can do a followup
> security release in a few weeks.
>
> Please try the release and vote. The vote will run for 5 days.
>
> -Steve
>
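
The reload4j note in the quoted announcement (downstream builds that exclude Hadoop's log4j artifacts need to exclude the new dependency as well) can be checked mechanically against a downstream POM. The following is an added example, not code from this thread or from the Hadoop project; it assumes a namespaced Maven POM, the reload4j coordinates `ch.qos.reload4j:reload4j`, and, beyond what the post states, that the `slf4j-log4j12` binding is replaced by `slf4j-reload4j`.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Old coordinate -> fork coordinate that now needs excluding as well.
# log4j -> reload4j is from the post; the slf4j binding pair is an assumption.
REPLACED = {
    ("log4j", "log4j"): ("ch.qos.reload4j", "reload4j"),
    ("org.slf4j", "slf4j-log4j12"): ("org.slf4j", "slf4j-reload4j"),
}

def _coord(node):
    return (node.findtext("m:groupId", "", NS).strip(),
            node.findtext("m:artifactId", "", NS).strip())

def _covered(excluded, coord):
    # Maven also accepts wildcard exclusions such as org.slf4j:* or *:*
    return bool({coord, (coord[0], "*"), ("*", "*")} & excluded)

def incomplete_exclusions(pom_xml):
    """List (hadoop artifactId, 'group:artifact' still to exclude) for a POM string."""
    findings = []
    for dep in ET.fromstring(pom_xml).iterfind(".//m:dependency", NS):
        group, artifact = _coord(dep)
        if group != "org.apache.hadoop":
            continue
        excluded = {_coord(e) for e in dep.iterfind("m:exclusions/m:exclusion", NS)}
        for old, new in REPLACED.items():
            if old in excluded and not _covered(excluded, new):
                findings.append((artifact, "%s:%s" % new))
    return findings

# Constructed sample POM (not taken from any real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
  <dependency><groupId>org.apache.hadoop</groupId><artifactId>hadoop-common</artifactId>
    <version>3.3.3</version><exclusions>
      <exclusion><groupId>log4j</groupId><artifactId>log4j</artifactId></exclusion>
      <exclusion><groupId>org.slf4j</groupId><artifactId>slf4j-log4j12</artifactId></exclusion>
    </exclusions></dependency>
  <dependency><groupId>org.apache.hadoop</groupId><artifactId>hadoop-hdfs-client</artifactId>
    <version>3.3.3</version><exclusions>
      <exclusion><groupId>log4j</groupId><artifactId>log4j</artifactId></exclusion>
      <exclusion><groupId>ch.qos.reload4j</groupId><artifactId>reload4j</artifactId></exclusion>
    </exclusions></dependency>
</dependencies></project>"""

if __name__ == "__main__":
    for artifact, missing in incomplete_exclusions(SAMPLE_POM):
        print("%s: log4j excluded but %s is not" % (artifact, missing))
```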