Hi Edward, Sorry these have not been reviewed yet. I'm sure this is due to limited committer bandwidth. For myself, I definitely have it in my queue to get back to reviewing #8177. Right now though, I'm completely focused on resolving 3.5.0 release blockers and setting us up with a release candidate to review.
If any non-committers have time for a review pass, that would be another way to give these pull requests an initial boost. All the help is appreciated! Chris Nauroth On Tue, Feb 3, 2026 at 2:12 PM Edward Capriolo <[email protected]> wrote: > Yellow elephant friends. Can I get a sponsor to review? I am chomping at > the bit you know. I used all my free AI credits to make the "MUSL hadoop" > logo. Got to get the PRS merged : > > [image: output.jpg] > > On Fri, Jan 23, 2026 at 8:59 AM Edward Capriolo <[email protected]> > wrote: > >> Hey friends, I have been busy. Please when you can take a look at these >> things. The two related to my best friend "container executor" are c. IF >> that scares you like it scared me I annotated the PR so it is hopefully >> less scary. >> >> >> Less vulnerabilities. a win for hadoop security! >> https://github.com/apache/hadoop/pull/8188 >> >> Code is not portable and not correct. I annotated the PR with comments so >> non c people can understand why >> https://github.com/apache/hadoop/pull/8177 >> >> The owasp plugin (the thing that helps you detect vulnerable code) is >> old and doesnt work >> https://github.com/apache/hadoop/pull/8186 >> >> In my estimation the container executor has another leak, I also do not >> see how it works at all with the premissions it sets, maybe everyone is >> running foks or patches? The code is refined and you can see that the >> method in question is not called during the test suite. hence my added tests >> >> https://github.com/apache/hadoop/pull/8184 >> >> >>
