[
https://issues.apache.org/jira/browse/HADOOP-19747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18046798#comment-18046798
]
ASF GitHub Bot commented on HADOOP-19747:
-----------------------------------------
hadoop-yetus commented on PR #8122:
URL: https://github.com/apache/hadoop/pull/8122#issuecomment-3677624673
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Logfile | Comment |
|:----:|----------:|--------:|:--------:|:-------:|
| +0 :ok: | reexec | 17m 35s | | Docker mode activated. |
|||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | | No case conflicting files
found. |
| +0 :ok: | codespell | 0m 0s | | codespell was not available. |
| +0 :ok: | detsecrets | 0m 0s | | detect-secrets was not available.
|
| +0 :ok: | xmllint | 0m 0s | | xmllint was not available. |
| +0 :ok: | shelldocs | 0m 0s | | Shelldocs was not available. |
| +1 :green_heart: | @author | 0m 0s | | The patch does not contain
any @author tags. |
| -1 :x: | test4tests | 0m 0s | | The patch doesn't appear to include
any new or modified tests. Please justify why no new tests are needed for this
patch. Also please list what manual steps were performed to verify this patch.
|
|||| _ trunk Compile Tests _ |
| +0 :ok: | mvndep | 10m 10s | | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 28m 18s | | trunk passed |
| +1 :green_heart: | compile | 17m 12s | | trunk passed with JDK
Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04 |
| +1 :green_heart: | compile | 17m 32s | | trunk passed with JDK
Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04 |
| -1 :x: | mvnsite | 9m 27s |
[/branch-mvnsite-root.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8122/2/artifact/out/branch-mvnsite-root.txt)
| root in trunk failed. |
| -1 :x: | javadoc | 9m 6s |
[/branch-javadoc-root-jdkUbuntu-21.0.7+6-Ubuntu-0ubuntu120.04.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8122/2/artifact/out/branch-javadoc-root-jdkUbuntu-21.0.7+6-Ubuntu-0ubuntu120.04.txt)
| root in trunk failed with JDK Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04. |
| -1 :x: | javadoc | 7m 55s |
[/branch-javadoc-root-jdkUbuntu-17.0.15+6-Ubuntu-0ubuntu120.04.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8122/2/artifact/out/branch-javadoc-root-jdkUbuntu-17.0.15+6-Ubuntu-0ubuntu120.04.txt)
| root in trunk failed with JDK Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04. |
| +1 :green_heart: | shadedclient | 42m 30s | | branch has no errors
when building and testing our client artifacts. |
|||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 32s | | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 27m 4s | | the patch passed |
| +1 :green_heart: | compile | 16m 34s | | the patch passed with JDK
Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04 |
| +1 :green_heart: | javac | 16m 34s | | the patch passed |
| +1 :green_heart: | compile | 17m 28s | | the patch passed with JDK
Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04 |
| +1 :green_heart: | javac | 17m 28s | | the patch passed |
| +1 :green_heart: | blanks | 0m 0s | | The patch has no blanks
issues. |
| -1 :x: | mvnsite | 7m 10s |
[/patch-mvnsite-root.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8122/2/artifact/out/patch-mvnsite-root.txt)
| root in the patch failed. |
| +1 :green_heart: | shellcheck | 0m 1s | | No new issues. |
| -1 :x: | javadoc | 9m 2s |
[/patch-javadoc-root-jdkUbuntu-21.0.7+6-Ubuntu-0ubuntu120.04.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8122/2/artifact/out/patch-javadoc-root-jdkUbuntu-21.0.7+6-Ubuntu-0ubuntu120.04.txt)
| root in the patch failed with JDK Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04. |
| -1 :x: | javadoc | 7m 53s |
[/patch-javadoc-root-jdkUbuntu-17.0.15+6-Ubuntu-0ubuntu120.04.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8122/2/artifact/out/patch-javadoc-root-jdkUbuntu-17.0.15+6-Ubuntu-0ubuntu120.04.txt)
| root in the patch failed with JDK Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04. |
| +1 :green_heart: | shadedclient | 44m 33s | | patch has no errors
when building and testing our client artifacts. |
|||| _ Other Tests _ |
| -1 :x: | unit | 757m 17s |
[/patch-unit-root.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8122/2/artifact/out/patch-unit-root.txt)
| root in the patch passed. |
| +1 :green_heart: | asflicense | 1m 56s | | The patch does not
generate ASF License warnings. |
| | | 1020m 21s | | |
| Reason | Tests |
|-------:|:------|
| Failed junit tests | hadoop.yarn.service.TestYarnNativeServices |
| | hadoop.yarn.server.resourcemanager.TestRMHA |
| | hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesReservation
|
| |
hadoop.yarn.server.router.subcluster.fair.TestYarnFederationWithFairScheduler |
| | hadoop.yarn.sls.appmaster.TestAMSimulator |
| | hadoop.hdfs.tools.TestDFSAdmin |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.52 ServerAPI=1.52 base:
https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8122/2/artifact/out/Dockerfile
|
| GITHUB PR | https://github.com/apache/hadoop/pull/8122 |
| Optional Tests | dupname asflicense compile javac javadoc mvninstall
mvnsite unit shadedclient codespell detsecrets xmllint shellcheck shelldocs |
| uname | Linux 7e391a1eac88 5.15.0-160-generic #170-Ubuntu SMP Wed Oct 1
10:06:56 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/bin/hadoop.sh |
| git revision | trunk / fb824b751bed14932e851f9d893238071f331d65 |
| Default Java | Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04 |
| Multi-JDK versions |
/usr/lib/jvm/java-21-openjdk-amd64:Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04
/usr/lib/jvm/java-17-openjdk-amd64:Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04 |
| Test Results |
https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8122/2/testReport/ |
| Max. process+thread count | 3810 (vs. ulimit of 5500) |
| modules | C: hadoop-project . U: . |
| Console output |
https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8122/2/console |
| versions | git=2.25.1 maven=3.9.11 shellcheck=0.7.0 |
| Powered by | Apache Yetus 0.14.0 https://yetus.apache.org |
This message was automatically generated.
> switch lz4-java to at.yawk.lz4 version due to CVE
> -------------------------------------------------
>
> Key: HADOOP-19747
> URL: https://issues.apache.org/jira/browse/HADOOP-19747
> Project: Hadoop Common
> Issue Type: Bug
> Components: build, common
> Reporter: PJ Fanning
> Assignee: PJ Fanning
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.5.0, 3.4.3
>
>
> https://sites.google.com/sonatype.com/vulnerabilities/cve-2025-12183
> https://github.com/search?q=repo%3Aapache%2Fhadoop%20lz4-java&type=code
> The fork jar is a drop in replacement (same package name as the original jar)
> h2. CVE notes
> The hadoop decompressor org.apache.hadoop.io.compress.lz4.Lz4Compressor
> instantiated a compressor via a call to
> {code}
> LZ4Factory.fastestInstance().safeDecompressor()
> {code}
> and so is not directly vulnerable to CVE-2025-12183.
> This update is a due diligence/maintenance update, one to keep the CVE
> scanners quiet.
> If you have come here because your CVE scanner detected it: this is not one
> to worry about.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
