Thank you. I've merged the patches, and will update Docs ASAP. Istvan
On Thu, Jan 9, 2025 at 12:27 PM Nick Dimiduk <ndimi...@apache.org> wrote: > Okay, let's go for it, István. This will be our policy for active > release lines going forward. Go ahead with your patches and please > update the compatibility guidelines in the book relating to supported > Hadoop versions and CVE mitigation, as appropriate. > > Thanks, > Nick > > On Thu, Jan 9, 2025 at 7:57 AM Andrew Purtell <andrew.purt...@gmail.com> > wrote: > > > > I have not been following. I’ve been away for a while and am getting > back up to speed. Thanks for summarizing the discussion so far. > > > > I support it too. For purely practical reasons, I admit. We have to be > CVE clean, to the extent possible, with annoying documentation requirements > when known issues remain in a deployment image. > > > > We’d also want 3.4 for the fix for the lease leak on close bug in the > DFS client. That was the cause of hundreds of half-closed WALs leaked in > production before we analyzed the issues and rolled out a mitigation. We > use FSHLog, for reasons. Users who do the same are subject to the same > issue and bundling 3.4.1 libraries (and also documenting the required site > configuration) is the solution. > > > > > On Jan 8, 2025, at 10:36 PM, Istvan Toth <st...@cloudera.com.invalid> > wrote: > > > > > > We've updated the default Hadoop version on the non-release branches > to > > > 3.4.1, and have discussed doing the same on the release branches. > > > I don't know if you've been following the discussion threads about this > > > Andrew, but it basically a dilemma of > > > > > > * risking undetected problems on HBase patch release upgrade, and > causing > > > problems for some existing users > > > * VS shipping the release with old known CVEs in the included Hadoop, > which > > > hinders HBase adoptation due to being perceived as insecure. > > > > > > Duo and I support this, but Nick has reservations, and deferred to you. > > > > > > What do you think ? > > > > > >> On Tue, Jan 7, 2025 at 5:44 PM Andrew Purtell <apurt...@apache.org> > wrote: > > >> > > >> Hi Nihal, > > >> > > >> I think we could take HBASE-29028 and HBASE-28983 in the upcoming > release > > >> right now. Let me follow up on the respective PRs. > > >> > > >> For HBASE-28832, I think it should have some time to bake. Maybe in > > >> branch-2 first, for kicking the tires, and then we could backport it > to the > > >> releases. > > >> > > >>> On Mon, Jan 6, 2025 at 9:23 PM Nihal Jain <nihalj...@apache.org> > wrote: > > >>> > > >>> Hi, > > >>> > > >>> Dávid Paksy is working on backporting changes for upgrading to > bootstrap > > >>> 5.3.3. > > >>> > > >>> Following PRs are pending for this: > > >>> 1) HBASE-29028 Backport missing UI patches to branch-2.5 > > >>> 2) HBASE-28832 Upgrade from bootstrap 3.4.1 to non vulnerable version > > >> 5.3.3 > > >>> 3) HBASE-28983 Static resources are not loaded on REST web UI pages > in > > >> dev > > >>> mode > > >>> > > >>> Changes for first two JIRAs are up review. Third is good to have. > > >>> > > >>> Please suggest if we want to consume these changes for upcoming > release > > >> or > > >>> should we wait on merging these until release is done. > > >>> > > >>> Regards, > > >>> Nihal > > >>> > > >>> On 2025/01/06 17:49:10 Andrew Purtell wrote: > > >>>> Related to 2.5.11, there are 61 resolved issues*, and one pending > that > > >>> may > > >>>> land in the next couple of days. > > >>>> > > >>>> * - https://issues.apache.org/jira/projects/HBASE/versions/12354955 > > >>>> > > >>>> On Mon, Jan 6, 2025 at 9:37 AM Andrew Purtell <apurt...@apache.org> > > >>> wrote: > > >>>> > > >>>>> We are overdue for a maintenance release of 2.5. > > >>>>> > > >>>>> If you have any pending work that should go in to such a release, > > >>> please > > >>>>> get it committed in the next couple of days. Please let me know if > > >> you > > >>> have > > >>>>> any blocking issues preventing that. > > >>>>> > > >>>> > > >>> > > >> > > >> > > >> -- > > >> Best regards, > > >> Andrew > > >> > > >> Unrest, ignorance distilled, nihilistic imbeciles - > > >> It's what we’ve earned > > >> Welcome, apocalypse, what’s taken you so long? > > >> Bring us the fitting end that we’ve been counting on > > >> - A23, Welcome, Apocalypse > > >> > > > > > > > > > -- > > > *István Tóth* | Sr. Staff Software Engineer > > > *Email*: st...@cloudera.com > > > cloudera.com <https://www.cloudera.com> > > > [image: Cloudera] <https://www.cloudera.com/> > > > [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: > > > Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: > Cloudera > > > on LinkedIn] <https://www.linkedin.com/company/cloudera> > > > ------------------------------ > > > ------------------------------ > -- *István Tóth* | Sr. Staff Software Engineer *Email*: st...@cloudera.com cloudera.com <https://www.cloudera.com> [image: Cloudera] <https://www.cloudera.com/> [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: Cloudera on LinkedIn] <https://www.linkedin.com/company/cloudera> ------------------------------ ------------------------------
