-
Notifications
You must be signed in to change notification settings - Fork 8.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HADOOP-18782 upgrade to snappy-java 1.1.10.1 due to CVEs #5773
Conversation
+1(binding) wait jenkins compilation result. |
💔 -1 overall
This message was automatically generated. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM,
failing tests are failing continuously, can ignore for now, need to fix them soon....
any underlying cause? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
+1
broken in the daily build, since months it is expecting to log the thread dump in the file, but that isn't getting dumped now
someone removed it or something broke in that logic, haven't got chance to debug yet.... |
looks like a really brittle test, including comments that don't match the code, and a text file scan which (a) doesn't log the output and (b) could well be brittle against Java versions changing the format of the output. |
Addresses CVE-2023-34454 Contributed by PJ Fanning
These tests are fixed now: https://ci-hadoop.apache.org/view/Hadoop/job/hadoop-qbt-trunk-java8-linux-x86_64/1367/testReport/junit/org.apache.hadoop.mapreduce.v2/TestMRJobs/testThreadDumpOnTaskTimeout/ The culprit was: And this was committed in march & these tests were also failing since 4-5 months, now post revert they are passing, so hopefully we are sorted :-) |
Addresses CVE-2023-34454 Contributed by PJ Fanning
Description of PR
upgrade to snappy-java 1.1.10.1 due to CVEs
How was this patch tested?
CI build
For code changes:
LICENSE
,LICENSE-binary
,NOTICE-binary
files?