[jira] [Commented] (HADOOP-15804) upgrade to commons-compress 1.18
[ https://issues.apache.org/jira/browse/HADOOP-15804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16929680#comment-16929680 ]

Wei-Chiu Chuang commented on HADOOP-15804:
------------------------------------------

Cherrypicked the commit into branch2.

> upgrade to commons-compress 1.18
>
> Key: HADOOP-15804
> URL: https://issues.apache.org/jira/browse/HADOOP-15804
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: PJ Fanning
> Assignee: Akira Ajisaka
> Priority: Major
> Fix For: 2.10.0, 3.0.4, 3.3.0, 3.1.2, 3.2.1
>
> Attachments: HADOOP-15804.01.patch
>
> [https://github.com/apache/commons-compress/blob/master/RELEASE-NOTES.txt]
> Some CVEs have been fixed in recent releases
> ([https://commons.apache.org/proper/commons-compress/security-reports.html])
> [https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-common/3.1.1]
> depends on commons-compress 1.4.1

--
This message was sent by Atlassian Jira (v8.3.2#803003)

To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15804) upgrade to commons-compress 1.18
[ https://issues.apache.org/jira/browse/HADOOP-15804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16656812#comment-16656812 ]

Hudson commented on HADOOP-15804:
---------------------------------

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #15267 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/15267/])
HADOOP-15804. upgrade to commons-compress 1.18. Contributed by Akira (tasanuma: rev 9bd18324c7801472409d9ad69ea365aa7a33a9c4)
* (edit) hadoop-project/pom.xml
[jira] [Commented] (HADOOP-15804) upgrade to commons-compress 1.18
[ https://issues.apache.org/jira/browse/HADOOP-15804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16656745#comment-16656745 ]

Takanobu Asanuma commented on HADOOP-15804:
-------------------------------------------

Committed to trunk. Thanks [~ajisakaa] for the patch, [~pj.fanning] for reporting the issue and [~jojochuang] for the comment!
[jira] [Commented] (HADOOP-15804) upgrade to commons-compress 1.18
[ https://issues.apache.org/jira/browse/HADOOP-15804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16656733#comment-16656733 ]

Takanobu Asanuma commented on HADOOP-15804:
-------------------------------------------

I've confirmed that the patch doesn't affect existing unit tests. +1.
[jira] [Commented] (HADOOP-15804) upgrade to commons-compress 1.18
[ https://issues.apache.org/jira/browse/HADOOP-15804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16643286#comment-16643286 ]

Hadoop QA commented on HADOOP-15804:
------------------------------------

| (x) *-1 overall* |

|| Vote || Subsystem || Runtime || Comment ||
| 0 | reexec | 0m 40s | Docker mode activated. |
|| || || || Prechecks ||
| +1 | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
|| || || || trunk Compile Tests ||
| +1 | mvninstall | 23m 50s | trunk passed |
| +1 | compile | 0m 16s | trunk passed |
| +1 | mvnsite | 0m 17s | trunk passed |
| +1 | shadedclient | 34m 26s | branch has no errors when building and testing our client artifacts. |
| +1 | javadoc | 0m 17s | trunk passed |
|| || || || Patch Compile Tests ||
| +1 | mvninstall | 0m 13s | the patch passed |
| +1 | compile | 0m 11s | the patch passed |
| +1 | javac | 0m 11s | the patch passed |
| +1 | mvnsite | 0m 13s | the patch passed |
| +1 | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 | xml | 0m 2s | The patch has no ill-formed XML file. |
| +1 | shadedclient | 11m 37s | patch has no errors when building and testing our client artifacts. |
| +1 | javadoc | 0m 13s | the patch passed |
|| || || || Other Tests ||
| +1 | unit | 0m 14s | hadoop-project in the patch passed. |
| +1 | asflicense | 1m 0s | The patch does not generate ASF License warnings. |
| | | 50m 4s | |

|| Subsystem || Report/Notes ||
| Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hadoop:4b8c2b1 |
| JIRA Issue | HADOOP-15804 |
| JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12943001/HADOOP-15804.01.patch |
| Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml |
| uname | Linux db1c6f24ec24 4.4.0-133-generic #159-Ubuntu SMP Fri Aug 10 07:31:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /testptch/patchprocess/precommit/personality/provided.sh |
| git revision | trunk / 7ba1cfd |
| maven | version: Apache Maven 3.3.9 |
| Default Java | 1.8.0_181 |
| Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/15322/testReport/ |
| Max. process+thread count | 443 (vs. ulimit of 1) |
| modules | C: hadoop-project U: hadoop-project |
| Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/15322/console |
| Powered by | Apache Yetus 0.8.0 http://yetus.apache.org |

This message was automatically generated.
[jira] [Commented] (HADOOP-15804) upgrade to commons-compress 1.18
[ https://issues.apache.org/jira/browse/HADOOP-15804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16633246#comment-16633246 ]

Wei-Chiu Chuang commented on HADOOP-15804:
------------------------------------------

Thanks for identifying this issue. Looks like Hadoop never updated the commons-compress dependency. 1.4.1 was released more than 6 years ago.

There are two fixed security vulnerabilities. Though both are low level, if bumping up the dependency doesn't cause any regressions, we should consider updating.