[jira] [Commented] (HADOOP-17571) Upgrade com.fasterxml.woodstox:woodstox-core for security reasons
[ https://issues.apache.org/jira/browse/HADOOP-17571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17300304#comment-17300304 ] Viraj Jasani commented on HADOOP-17571: --- I see, you have created Jira HADOOP-17586 . Thanks > Upgrade com.fasterxml.woodstox:woodstox-core for security reasons > - > > Key: HADOOP-17571 > URL: https://issues.apache.org/jira/browse/HADOOP-17571 > Project: Hadoop Common > Issue Type: Task >Reporter: Viraj Jasani >Assignee: Viraj Jasani >Priority: Major > Labels: pull-request-available > Fix For: 3.3.1, 3.4.0, 3.1.5, 2.10.2, 3.2.3 > > Time Spent: 1h > Remaining Estimate: 0h > > Due to security concerns (CVE: sonatype-2018-0624), we should bump up > woodstox-core to 5.3.0. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17571) Upgrade com.fasterxml.woodstox:woodstox-core for security reasons
[ https://issues.apache.org/jira/browse/HADOOP-17571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17300300#comment-17300300 ] Viraj Jasani commented on HADOOP-17571: --- Thanks [~ayushtkn]. My bad, due to other build issues on trunk, somehow test failure was missed. I can raise PR including all issues mentioned by you quickly if you are fine? > Upgrade com.fasterxml.woodstox:woodstox-core for security reasons > - > > Key: HADOOP-17571 > URL: https://issues.apache.org/jira/browse/HADOOP-17571 > Project: Hadoop Common > Issue Type: Task >Reporter: Viraj Jasani >Assignee: Viraj Jasani >Priority: Major > Labels: pull-request-available > Fix For: 3.3.1, 3.4.0, 3.1.5, 2.10.2, 3.2.3 > > Time Spent: 1h > Remaining Estimate: 0h > > Due to security concerns (CVE: sonatype-2018-0624), we should bump up > woodstox-core to 5.3.0. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17571) Upgrade com.fasterxml.woodstox:woodstox-core for security reasons
[ https://issues.apache.org/jira/browse/HADOOP-17571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17300298#comment-17300298 ] Ayush Saxena commented on HADOOP-17571: --- Hey Everyone, I think this upgrade is breaking {{TestConfTest}} Ref: [https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-2732/14/testReport/org.apache.hadoop.util/TestConfTest/testPropertyHasDuplicatedAttributeAndElement/] Apart, It would have been good if we updated the LICENCE file as well with the correct version here: https://github.com/apache/hadoop/blob/trunk/LICENSE-binary#L228 I tried to fix the test, I upgraded org.codehaus.woodstox#stax2-api to 4.2.1 and it worked. I will file a Jira for these stuff, let me know if I am catching it wrong > Upgrade com.fasterxml.woodstox:woodstox-core for security reasons > - > > Key: HADOOP-17571 > URL: https://issues.apache.org/jira/browse/HADOOP-17571 > Project: Hadoop Common > Issue Type: Task >Reporter: Viraj Jasani >Assignee: Viraj Jasani >Priority: Major > Labels: pull-request-available > Fix For: 3.3.1, 3.4.0, 3.1.5, 2.10.2, 3.2.3 > > Time Spent: 1h > Remaining Estimate: 0h > > Due to security concerns (CVE: sonatype-2018-0624), we should bump up > woodstox-core to 5.3.0. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17571) Upgrade com.fasterxml.woodstox:woodstox-core for security reasons
[ https://issues.apache.org/jira/browse/HADOOP-17571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17298592#comment-17298592 ] Viraj Jasani commented on HADOOP-17571: --- Thank you [~liuml07] > Upgrade com.fasterxml.woodstox:woodstox-core for security reasons > - > > Key: HADOOP-17571 > URL: https://issues.apache.org/jira/browse/HADOOP-17571 > Project: Hadoop Common > Issue Type: Task >Reporter: Viraj Jasani >Assignee: Viraj Jasani >Priority: Major > > Due to security concerns (CVE: sonatype-2018-0624), we should bump up > woodstox-core to 5.3.0. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17571) Upgrade com.fasterxml.woodstox:woodstox-core for security reasons
[ https://issues.apache.org/jira/browse/HADOOP-17571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17298551#comment-17298551 ] Mingliang Liu commented on HADOOP-17571: Thank you filing this one. I have added you to "Contributor1" list and assigned this Jira to you. > Upgrade com.fasterxml.woodstox:woodstox-core for security reasons > - > > Key: HADOOP-17571 > URL: https://issues.apache.org/jira/browse/HADOOP-17571 > Project: Hadoop Common > Issue Type: Task >Reporter: Viraj Jasani >Assignee: Viraj Jasani >Priority: Major > > Due to security concerns (CVE: sonatype-2018-0624), we should bump up > woodstox-core to 5.3.0. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17571) Upgrade com.fasterxml.woodstox:woodstox-core for security reasons
[ https://issues.apache.org/jira/browse/HADOOP-17571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17298536#comment-17298536 ] Viraj Jasani commented on HADOOP-17571: --- Can someone please provide me the contributor access and assign this Jira to me? Thanks > Upgrade com.fasterxml.woodstox:woodstox-core for security reasons > - > > Key: HADOOP-17571 > URL: https://issues.apache.org/jira/browse/HADOOP-17571 > Project: Hadoop Common > Issue Type: Task >Reporter: Viraj Jasani >Priority: Major > > Due to security concerns (CVE: sonatype-2018-0624), we should bump up > woodstox-core to 5.3.0. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org