The upgrade is a CVE with Severity marked as critical. Relevant advisory[1] by Hadoop team.
[1] https://lists.apache.org/thread/2dk5flnszl7grpvfm7t3dg0w61r4jg9v Thanks, Janardhan On Sat, Jun 18, 2022 at 10:55 PM Baunsgaard, Sebastian <[email protected]> wrote: > > From my side i would hate if someone complain about the issue from Hadoop in > our release. > So i say new release candidate with upgrade. Or if possible without vote. Did > anyone look into what the Hadoop issue is ? > > Br > Sebastian > ________________________________ > From: arnab phani <[email protected]> > Sent: Saturday, June 18, 2022 6:28:54 PM > To: [email protected] > Subject: Re: [QUESTION] Should a minor dependency upgrade stop our release > candidate? > > In my opinion, this upgrade doesn't invalidate the release candidates. It > should be safe to continue. > > Regards, > Arnab.. > > On Sat, Jun 18, 2022, 17:05 Janardhan <[email protected]> wrote: > > > Hi, > > > > We have a version of dependency minor upgrade[1]. Now, the release > > candidate has enough votes to pass. > > > > Shall we apply the patch or continue without it. > > > > [1] https://github.com/apache/systemds/pull/1640 > > > > Best regards, > > Janardhan > >
