[jira] [Commented] (HADOOP-17571) Upgrade com.fasterxml.woodstox:woodstox-core for security reasons

2021-03-12 Thread Viraj Jasani (Jira) 


[ 
https://issues.apache.org/jira/browse/HADOOP-17571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17300304#comment-17300304
 ] 

Viraj Jasani commented on HADOOP-17571:
---

I see, you have created Jira HADOOP-17586 .

Thanks

> Upgrade com.fasterxml.woodstox:woodstox-core for security reasons
> -
>
> Key: HADOOP-17571
> URL: https://issues.apache.org/jira/browse/HADOOP-17571
> Project: Hadoop Common
>  Issue Type: Task
>Reporter: Viraj Jasani
>Assignee: Viraj Jasani
>Priority: Major
>  Labels: pull-request-available
> Fix For: 3.3.1, 3.4.0, 3.1.5, 2.10.2, 3.2.3
>
>  Time Spent: 1h
>  Remaining Estimate: 0h
>
> Due to security concerns (CVE: sonatype-2018-0624), we should bump up 
> woodstox-core to 5.3.0.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Commented] (HADOOP-17571) Upgrade com.fasterxml.woodstox:woodstox-core for security reasons

2021-03-12 Thread Viraj Jasani (Jira) 


[ 
https://issues.apache.org/jira/browse/HADOOP-17571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17300300#comment-17300300
 ] 

Viraj Jasani commented on HADOOP-17571:
---

Thanks [~ayushtkn]. My bad, due to other build issues on trunk, somehow test 
failure was missed. I can raise PR including all issues mentioned by you 
quickly if you are fine?

> Upgrade com.fasterxml.woodstox:woodstox-core for security reasons
> -
>
> Key: HADOOP-17571
> URL: https://issues.apache.org/jira/browse/HADOOP-17571
> Project: Hadoop Common
>  Issue Type: Task
>Reporter: Viraj Jasani
>Assignee: Viraj Jasani
>Priority: Major
>  Labels: pull-request-available
> Fix For: 3.3.1, 3.4.0, 3.1.5, 2.10.2, 3.2.3
>
>  Time Spent: 1h
>  Remaining Estimate: 0h
>
> Due to security concerns (CVE: sonatype-2018-0624), we should bump up 
> woodstox-core to 5.3.0.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Commented] (HADOOP-17571) Upgrade com.fasterxml.woodstox:woodstox-core for security reasons

2021-03-12 Thread Ayush Saxena (Jira) 


[ 
https://issues.apache.org/jira/browse/HADOOP-17571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17300298#comment-17300298
 ] 

Ayush Saxena commented on HADOOP-17571:
---

Hey Everyone,

I think this upgrade is breaking {{TestConfTest}}

Ref:

[https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-2732/14/testReport/org.apache.hadoop.util/TestConfTest/testPropertyHasDuplicatedAttributeAndElement/]

 

Apart, It would have been good if we updated the LICENCE file as well with the 
correct version here:

https://github.com/apache/hadoop/blob/trunk/LICENSE-binary#L228

 

I tried to fix the test, I upgraded org.codehaus.woodstox#stax2-api to 4.2.1 
and it worked. I will file a Jira for these stuff, let me know if I am catching 
it wrong

> Upgrade com.fasterxml.woodstox:woodstox-core for security reasons
> -
>
> Key: HADOOP-17571
> URL: https://issues.apache.org/jira/browse/HADOOP-17571
> Project: Hadoop Common
>  Issue Type: Task
>Reporter: Viraj Jasani
>Assignee: Viraj Jasani
>Priority: Major
>  Labels: pull-request-available
> Fix For: 3.3.1, 3.4.0, 3.1.5, 2.10.2, 3.2.3
>
>  Time Spent: 1h
>  Remaining Estimate: 0h
>
> Due to security concerns (CVE: sonatype-2018-0624), we should bump up 
> woodstox-core to 5.3.0.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Commented] (HADOOP-17571) Upgrade com.fasterxml.woodstox:woodstox-core for security reasons

2021-03-09 Thread Viraj Jasani (Jira) 


[ 
https://issues.apache.org/jira/browse/HADOOP-17571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17298592#comment-17298592
 ] 

Viraj Jasani commented on HADOOP-17571:
---

Thank you [~liuml07]

> Upgrade com.fasterxml.woodstox:woodstox-core for security reasons
> -
>
> Key: HADOOP-17571
> URL: https://issues.apache.org/jira/browse/HADOOP-17571
> Project: Hadoop Common
>  Issue Type: Task
>Reporter: Viraj Jasani
>Assignee: Viraj Jasani
>Priority: Major
>
> Due to security concerns (CVE: sonatype-2018-0624), we should bump up 
> woodstox-core to 5.3.0.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Commented] (HADOOP-17571) Upgrade com.fasterxml.woodstox:woodstox-core for security reasons

2021-03-09 Thread Mingliang Liu (Jira) 


[ 
https://issues.apache.org/jira/browse/HADOOP-17571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17298551#comment-17298551
 ] 

Mingliang Liu commented on HADOOP-17571:


Thank you filing this one. I have added you to "Contributor1" list and assigned 
this Jira to you.

> Upgrade com.fasterxml.woodstox:woodstox-core for security reasons
> -
>
> Key: HADOOP-17571
> URL: https://issues.apache.org/jira/browse/HADOOP-17571
> Project: Hadoop Common
>  Issue Type: Task
>Reporter: Viraj Jasani
>Assignee: Viraj Jasani
>Priority: Major
>
> Due to security concerns (CVE: sonatype-2018-0624), we should bump up 
> woodstox-core to 5.3.0.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Commented] (HADOOP-17571) Upgrade com.fasterxml.woodstox:woodstox-core for security reasons

2021-03-09 Thread Viraj Jasani (Jira) 


[ 
https://issues.apache.org/jira/browse/HADOOP-17571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17298536#comment-17298536
 ] 

Viraj Jasani commented on HADOOP-17571:
---

Can someone please provide me the contributor access and assign this Jira to me?

Thanks

> Upgrade com.fasterxml.woodstox:woodstox-core for security reasons
> -
>
> Key: HADOOP-17571
> URL: https://issues.apache.org/jira/browse/HADOOP-17571
> Project: Hadoop Common
>  Issue Type: Task
>Reporter: Viraj Jasani
>Priority: Major
>
> Due to security concerns (CVE: sonatype-2018-0624), we should bump up 
> woodstox-core to 5.3.0.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org