Hadoop Common / HADOOP-12577

Bump up commons-collections version to 3.2.2 to address a security flaw

    Details

    • Hadoop Flags:
      Reviewed

      Description

      Update commons-collections from 3.2.1 to 3.2.2 because of a major security vulnerability. Many other open source projects use commons-collections and are also affected.

      Please see http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ for the discovery of the vulnerability.

      https://issues.apache.org/jira/browse/COLLECTIONS-580 has the discussion thread of the fix.

      https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread The ASF response to the security vulnerability.

      1. HADOOP-12577.001.patch
        0.4 kB
        Wei-Chiu Chuang


          Activity

          jojochuang Wei-Chiu Chuang added a comment -

          Only hadoop-project/pom.xml contains commons-collections version 3.2.1

          find . -name pom.xml -print0 | xargs -0 grep -C 2 -e 'commons-collections'
          ./hadoop-common-project/hadoop-common/pom.xml- </dependency>
          ./hadoop-common-project/hadoop-common/pom.xml- <dependency>
          ./hadoop-common-project/hadoop-common/pom.xml: <groupId>commons-collections</groupId>
          ./hadoop-common-project/hadoop-common/pom.xml: <artifactId>commons-collections</artifactId>
          ./hadoop-common-project/hadoop-common/pom.xml- <scope>compile</scope>
          ./hadoop-common-project/hadoop-common/pom.xml- </dependency>

          --
          ./hadoop-mapreduce-project/hadoop-mapreduce-client/pom.xml- </dependency>
          ./hadoop-mapreduce-project/hadoop-mapreduce-client/pom.xml- <dependency>
          ./hadoop-mapreduce-project/hadoop-mapreduce-client/pom.xml: <groupId>commons-collections</groupId>
          ./hadoop-mapreduce-project/hadoop-mapreduce-client/pom.xml: <artifactId>commons-collections</artifactId>
          ./hadoop-mapreduce-project/hadoop-mapreduce-client/pom.xml- <scope>provided</scope>
          ./hadoop-mapreduce-project/hadoop-mapreduce-client/pom.xml- </dependency>

          --
          ./hadoop-project/pom.xml- </dependency>
          ./hadoop-project/pom.xml- <dependency>
          ./hadoop-project/pom.xml: <groupId>commons-collections</groupId>
          ./hadoop-project/pom.xml: <artifactId>commons-collections</artifactId>
          ./hadoop-project/pom.xml- <version>3.2.2</version>
          ./hadoop-project/pom.xml- </dependency>

          --
          ./hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/pom.xml-
          ./hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/pom.xml- <dependency>
          ./hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/pom.xml: <groupId>commons-collections</groupId>
          ./hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/pom.xml: <artifactId>commons-collections</artifactId>
          ./hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/pom.xml- </dependency>
          ./hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/pom.xml-

          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 7s docker + precommit patch detected.
          +1 @author 0m 0s The patch does not contain any @author tags.
          -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
          +1 mvninstall 3m 32s trunk passed
          +1 compile 0m 9s trunk passed with JDK v1.8.0_66
          +1 compile 0m 9s trunk passed with JDK v1.7.0_85
          +1 mvnsite 0m 13s trunk passed
          +1 mvneclipse 0m 11s trunk passed
          +1 javadoc 0m 9s trunk passed with JDK v1.8.0_66
          +1 javadoc 0m 11s trunk passed with JDK v1.7.0_85
          +1 mvninstall 0m 10s the patch passed
          +1 compile 0m 8s the patch passed with JDK v1.8.0_66
          +1 javac 0m 8s the patch passed
          +1 compile 0m 9s the patch passed with JDK v1.7.0_85
          +1 javac 0m 9s the patch passed
          +1 mvnsite 0m 12s the patch passed
          +1 mvneclipse 0m 10s the patch passed
          +1 whitespace 0m 0s Patch has no whitespace issues.
          +1 xml 0m 1s The patch has no ill-formed XML file.
          +1 javadoc 0m 9s the patch passed with JDK v1.8.0_66
          +1 javadoc 0m 10s the patch passed with JDK v1.7.0_85
          +1 unit 0m 9s hadoop-project in the patch passed with JDK v1.8.0_66.
          +1 unit 0m 9s hadoop-project in the patch passed with JDK v1.7.0_85.
          +1 asflicense 0m 27s Patch does not generate ASF License warnings.
          7m 24s



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:date2015-11-17
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12772803/HADOOP-12577.001.patch
          JIRA Issue HADOOP-12577
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit xml
          uname Linux 986f6eaad46f 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /home/jenkins/jenkins-slave/workspace/PreCommit-HADOOP-Build/patchprocess/apache-yetus-4659377/precommit/personality/hadoop.sh
          git revision trunk / dfbde3f
          JDK v1.7.0_85 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/8081/testReport/
          modules C: hadoop-project U: hadoop-project
          Max memory used 228MB
          Powered by Apache Yetus http://yetus.apache.org
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8081/console

          This message was automatically generated.

          vinodkv Vinod Kumar Vavilapalli added a comment -

          Thanks for reporting this, Wei-Chiu Chuang!

          I just read the link you shared (http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/). We are not actually using in Hadoop the library InvokerTransformer mentioned there. That leads me to believe that Hadoop is not affected by this vulnerability. Do you agree with that assessment?

          I am okay upgrading the library version, but if it doesn't affect us directly, I'd like to postpone this to our next minor release of 2.8.0 instead of forcing this into the maintenance lines. What do you think?

          jojochuang Wei-Chiu Chuang added a comment -

          Hi Vinod Kumar Vavilapalli I agree with you.
          I checked the code and found no usage of the "unsafe classes". I also ran the full suite of unit tests and did not find anything broken by upgrading to the new version of commons-collections.

          It is possible Hadoop is still vulnerable to the attack through transitive dependencies, but that's out of our hands.

          yoderme Mike Yoder added a comment -

          You may well be correct that there is no vulnerability in hadoop - but in some sense that almost does not matter. There are many corporate security departments that are going to raise red flags about the presence of this library in the classpath. Explaining to them why you think you're not vulnerable may or may not work, and it's hard to prove a negative. In my experience it's easiest to just do the upgrade.

          sjlee0 Sangjin Lee added a comment -

          +1 on Mike Yoder's comment. Internal infosec may not sign off unless it is upgraded.

          dvillegas David Villegas added a comment -

          Hi,

          I am no security expert, but from the link it seems Hadoop does not need to use any of these classes to be vulnerable. They just need to be in the classpath, and the exploit will dynamically load them during deserialization. Also, as it's pointed out elsewhere, commons-collections is just an example of how Java deserialization can be exploited, and a more thorough solution to this would be to ensure Hadoop does not do object deserialization from untrusted sources. It seems things like RMI, JMX, JMS and other IPC mechanisms could be exploitable using this technique.
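
The more thorough measure this comment points to, refusing to deserialize classes the receiver does not expect no matter what is on the classpath, can be implemented with a look-ahead `ObjectInputStream`. This is an added example, not code from Hadoop or from the thread; `Heartbeat`, `UnexpectedType` and `AllowlistObjectInputStream` are hypothetical names.

```java
import java.io.*;
import java.util.*;

public class AllowlistDeserializationDemo {
    // Hypothetical message type the receiving service expects on this channel.
    static class Heartbeat implements Serializable {
        private static final long serialVersionUID = 1L;
        final String nodeId;
        Heartbeat(String nodeId) { this.nodeId = nodeId; }
    }

    // Constructed stand-in for a serializable class that is on the classpath
    // but is never expected from a peer. It carries no behaviour.
    static class UnexpectedType implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Checks every class descriptor in the stream before the class is loaded.
    static class AllowlistObjectInputStream extends ObjectInputStream {
        private final Set<String> allowed;

        AllowlistObjectInputStream(InputStream in, Set<String> allowed) throws IOException {
            super(in);
            this.allowed = allowed;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!allowed.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "not on the allowlist");
            }
            return super.resolveClass(desc);
        }

        // Proxy descriptors bypass resolveClass, so refuse them outright.
        @Override
        protected Class<?> resolveProxyClass(String[] interfaces) throws IOException {
            throw new InvalidClassException("dynamic proxy classes are not accepted");
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    static Object readFiltered(byte[] data, Set<String> allowed)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in =
                 new AllowlistObjectInputStream(new ByteArrayInputStream(data), allowed)) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Set<String> allowed = new HashSet<>(
                Arrays.asList(Heartbeat.class.getName(), ArrayList.class.getName()));

        Heartbeat hb = (Heartbeat) readFiltered(serialize(new Heartbeat("node-1")), allowed);
        System.out.println("accepted Heartbeat from " + hb.nodeId);

        // An allowed container cannot carry a disallowed element: the element's
        // own descriptor is checked when the list contents are read.
        List<Object> wrapped = new ArrayList<>();
        wrapped.add(new UnexpectedType());
        try {
            readFiltered(serialize(wrapped), allowed);
            System.out.println("nested object was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

On JDKs that ship `java.io.ObjectInputFilter`, the same allowlist can be set on the stream with `setObjectInputFilter` instead of subclassing.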

          vinodkv Vinod Kumar Vavilapalli added a comment -

          Okay, I hear you guys - though it isn't entirely clear of the precise attack paths in the context of interaction with Hadoop services, it is safe to upgrade.

          Given that the commons upgrade is a compatible one, I am +1 to the patch. Checking this into all the release lines.

          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-trunk-Commit #8862 (See https://builds.apache.org/job/Hadoop-trunk-Commit/8862/)
          HADOOP-12577. Bumped up commons-collections version to 3.2.2 to address (vinodkv: rev 70c26703f462e97361924eaf6cbf80be1fce309f)

          • hadoop-common-project/hadoop-common/CHANGES.txt
          • hadoop-project/pom.xml
          vinodkv Vinod Kumar Vavilapalli added a comment -

          Committed this to trunk, branch-2, branch-2.7, branch-2.7.2, branch-2.6.

          Thanks Wei-Chiu Chuang for the great bug report and a quick patch!

          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-Mapreduce-trunk-Java8 #704 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/704/)
          HADOOP-12577. Bumped up commons-collections version to 3.2.2 to address (vinodkv: rev 70c26703f462e97361924eaf6cbf80be1fce309f)

          • hadoop-common-project/hadoop-common/CHANGES.txt
          • hadoop-project/pom.xml
          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-Mapreduce-trunk #2645 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2645/)
          HADOOP-12577. Bumped up commons-collections version to 3.2.2 to address (vinodkv: rev 70c26703f462e97361924eaf6cbf80be1fce309f)

          • hadoop-common-project/hadoop-common/CHANGES.txt
          • hadoop-project/pom.xml
          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-Yarn-trunk-Java8 #715 (See https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/715/)
          HADOOP-12577. Bumped up commons-collections version to 3.2.2 to address (vinodkv: rev 70c26703f462e97361924eaf6cbf80be1fce309f)

          • hadoop-common-project/hadoop-common/CHANGES.txt
          • hadoop-project/pom.xml
          sjlee0 Sangjin Lee added a comment -

          Thanks Vinod Kumar Vavilapalli!

          Now the open question here is whether we need to do a quick release that contains only this security fix or we make this part of the planned release activities (2.6.3 and 2.7.2), the main implication being the timing of this security fix. Thoughts?

          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-Yarn-trunk #1438 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/1438/)
          HADOOP-12577. Bumped up commons-collections version to 3.2.2 to address (vinodkv: rev 70c26703f462e97361924eaf6cbf80be1fce309f)

          • hadoop-common-project/hadoop-common/CHANGES.txt
          • hadoop-project/pom.xml
          andrew.wang Andrew Wang added a comment -

          My 2c is to roll some quick releases, since it'll guarantee we get this out in a timely manner. The previous 2.7.2 RC was sunk because of HDFS-8676 and the fix is still not committed (though seems close). It'll be easier to vote on quick releases with just the security fix too.

          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-Hdfs-trunk-Java8 #632 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/632/)
          HADOOP-12577. Bumped up commons-collections version to 3.2.2 to address (vinodkv: rev 70c26703f462e97361924eaf6cbf80be1fce309f)

          • hadoop-project/pom.xml
          • hadoop-common-project/hadoop-common/CHANGES.txt
          sjlee0 Sangjin Lee added a comment -

          I agree it might be good to create quick releases for this.

          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-Hdfs-trunk #2571 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/2571/)
          HADOOP-12577. Bumped up commons-collections version to 3.2.2 to address (vinodkv: rev 70c26703f462e97361924eaf6cbf80be1fce309f)

          • hadoop-common-project/hadoop-common/CHANGES.txt
          • hadoop-project/pom.xml
          stevel@apache.org Steve Loughran added a comment -

          backport this to 2.6?

          djp Junping Du added a comment -

          Steve Loughran, this is already included in 2.6 since 2.6.3.

          stevel@apache.org Steve Loughran added a comment -

          OK


            People

            • Assignee:
              jojochuang Wei-Chiu Chuang
              Reporter:
              jojochuang Wei-Chiu Chuang
            • Votes: 0
              Watchers: 18
