chore: hdfs - remove unnecessary jars and bump dependency versions to fix CVEs #682

Merged
adwk67 merged 4 commits into main from chore/hdfs-slim-jars
May 16, 2024

@adwk67 adwk67 commented May 16, 2024

Description

This PR fixes the following CVEs for snappy-java (bumped from 1.1.8.2 to 1.1.10.4):

CVE-2023-34453
CVE-2023-34454
CVE-2023-43642
CVE-2023-34455

It also strips the image of jars that we do not need (yarn, mapreduce, minicluster modules, plus test/source jars).

Definition of Done Checklist

  • Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
  • Please make sure all these things are done and tick the boxes
- [x] Changes are OpenShift compatible
- [x] All added packages (via microdnf or otherwise) have a comment on why they are added
- [x] Add an entry to the CHANGELOG.md file
- [x] Integration tests ran successfully
TIP: Running integration tests with a new product image

The image can be built and uploaded to the kind cluster with the following commands:

```
bake --product <product> --image-version <stackable-image-version>
kind load docker-image <image-tagged-with-the-major-version> --name=<name-of-your-test-cluster>
```

See the output of bake to retrieve the image tag for <image-tagged-with-the-major-version>.
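
A post-build check for the two changes described in this PR, as an added example that is not part of the PR or the project's own code: it flags any snappy-java jar below 1.1.10.4 and any yarn, mapreduce, minicluster, test or source jar left in a directory. The function names, the jar name patterns and the sample file names (including the 3.3.6 version) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a directory of jars (for instance an unpacked image).
# Assumption: jars are named <artifact>-<version>.jar; the name patterns are
# illustrative and are not taken from the PR's Dockerfile.

MIN_SNAPPY="1.1.10.4"   # snappy-java version the PR bumps to

# version_lt A B: true when dotted version A is numerically lower than B
# (a plain string compare would wrongly rank 1.1.8.2 above 1.1.10.4).
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1
  }'
}

# audit_jars DIR: print one finding per line for jars the PR's change targets.
audit_jars() {
  find "$1" -type f -name '*.jar' | sort | while IFS= read -r jar; do
    name=$(basename "$jar")
    case "$name" in
      snappy-java-*.jar)
        ver=${name#snappy-java-}; ver=${ver%.jar}
        if version_lt "$ver" "$MIN_SNAPPY"; then
          echo "OLD_SNAPPY $name"
        fi ;;
      *-tests.jar|*-sources.jar)
        echo "TEST_OR_SOURCE $name" ;;
      hadoop-yarn-*.jar|hadoop-mapreduce-*.jar|hadoop-minicluster-*.jar)
        echo "UNNEEDED_MODULE $name" ;;
    esac
  done
}

# make_sample DIR: constructed file names standing in for an old image.
make_sample() {
  mkdir -p "$1/lib"
  for f in snappy-java-1.1.8.2.jar hadoop-hdfs-3.3.6.jar \
           hadoop-hdfs-3.3.6-tests.jar hadoop-yarn-api-3.3.6.jar; do
    : > "$1/lib/$f"
  done
}

# Audit the directory given as the first argument, if any.
if [ -n "${1:-}" ]; then audit_jars "$1"; fi
```

An empty result means the directory holds no jar that matches any of the patterns.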

@adwk67 adwk67 marked this pull request as ready for review May 16, 2024 12:42
@adwk67 adwk67 self-assigned this May 16, 2024
@adwk67 adwk67 changed the title chore: remove unnecessary jars and bump dependency versions to fix CVEs chore: hdfs - remove unnecessary jars and bump dependency versions to fix CVEs May 16, 2024
lfrancke previously approved these changes May 16, 2024
@adwk67 adwk67 added this pull request to the merge queue May 16, 2024
Merged via the queue into main with commit 28a3621 May 16, 2024
@adwk67 adwk67 deleted the chore/hdfs-slim-jars branch May 16, 2024 14:45