[AMORO-3732] Upgrade commons-beanutils version to 1.11.0#3733

Merged
zhoujinsong merged 2 commits into apache:master from zhangwl9:AMORO-fixup-hadoop-client-bug-dev
Aug 18, 2025

@zhangwl9 zhangwl9 commented Aug 14, 2025

Why are the changes needed?

Close #3732.

Brief change log

As shown in the figure, Amoro introduces the dependency hadoop-client-3.4.0.jar, which introduces commons-beanutils-1.9.4.jar, and eventually saves commons-beanutils-1.9.4.jar in the lib folder when compiling via mvn.
[image]

In pom.xml you need to explicitly introduce the commons-beanutils-1.11.0.jar dependency to override the old commons-beanutils-1.9.4.jar version introduced by hadoop-client-3.4.0.jar.

After the PR, there is commons-beanutils-1.11.0.jar instead of commons-beanutils-1.9.4.jar in Amoro's lib folder.

How was this patch tested?

  • Add some test cases that check the changes thoroughly including negative and positive cases if possible

  • Add screenshots for manual tests if appropriate

  • Run test locally before making a pull request

Documentation

  • Does this pull request introduce a new feature? (yes / no)
  • If yes, how is the feature documented? (not applicable / docs / JavaDocs / not documented)
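
A check for the outcome the PR description states: the packaged lib folder holds commons-beanutils 1.11.0 or later and no older copy. This is an added example, not code from the pull request or the Amoro project; the function names and the constructed folders in `demo()` are assumptions.

```python
import re
import tempfile
from pathlib import Path

MIN_VERSION = (1, 11, 0)  # version named in the PR title
# Version digits, then optional qualifiers such as -SNAPSHOT.
JAR_RE = re.compile(r"^commons-beanutils-(\d+(?:\.\d+)*)(?:[-.][A-Za-z0-9]+)*\.jar$")


def parse_version(text):
    """'1.9.4' -> (1, 9, 4); compared numerically, so 1.9.4 < 1.11.0."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def audit_lib_dir(lib_dir):
    """Return (ok, outdated) lists of commons-beanutils jar names found under lib_dir."""
    ok, outdated = [], []
    for jar in sorted(Path(lib_dir).rglob("commons-beanutils-*.jar")):
        match = JAR_RE.match(jar.name)
        # A name whose version cannot be parsed is reported for manual review.
        if match and parse_version(match.group(1)) >= MIN_VERSION:
            ok.append(jar.name)
        else:
            outdated.append(jar.name)
    return ok, outdated


def demo():
    """Run the audit on two constructed lib folders (empty placeholder files)."""
    results = {}
    layouts = {
        "before": ["hadoop-client-3.4.0.jar", "commons-beanutils-1.9.4.jar"],
        "after": ["hadoop-client-3.4.0.jar", "commons-beanutils-1.11.0.jar"],
    }
    with tempfile.TemporaryDirectory() as tmp:
        for label, names in layouts.items():
            lib = Path(tmp) / label / "lib"
            lib.mkdir(parents=True)
            for name in names:
                (lib / name).touch()
            results[label] = audit_lib_dir(lib)
    return results


if __name__ == "__main__":
    for label, (ok, outdated) in demo().items():
        print(label, "OK" if ok and not outdated else "FAIL", ok, outdated)
```
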

@zhangwl9
Contributor Author

@cxxiii @baiyangtx Could you please take a look at this pr when you're free, thanks!

Contributor

@zhoujinsong zhoujinsong left a comment

LGTM.

Thanks for the contribution!

@zhoujinsong zhoujinsong merged commit 1f928be into apache:master Aug 18, 2025
6 checks passed
Jzjsnow pushed a commit to Jzjsnow/amoro that referenced this pull request Aug 22, 2025
Upgrade commons-beanutils version to 1.11.0

Co-authored-by: 张文领 <zhangwl9@chinatelecom.cn>
(cherry picked from commit 1f928be)
zhoujinsong pushed a commit that referenced this pull request Aug 25, 2025
Upgrade commons-beanutils version to 1.11.0

Co-authored-by: 张文领 <zhangwl9@chinatelecom.cn>
(cherry picked from commit 1f928be)
@zhangwl9 zhangwl9 deleted the AMORO-fixup-hadoop-client-bug-dev branch September 19, 2025 11:08

Development

Successfully merging this pull request may close these issues.

[Bug]: Vulnerability in version 1.9.4 of common-beanutils