[HADOOP-18198] Release Hadoop 3.3.3: hadoop-3.3.2 with some fixes - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.3.2
Fix Version/s: 3.3.3
Component/s: build
Labels:
- pull-request-available

Target Version/s:

3.3.3

Description

Hadoop 3.3.3 is a minor followup release to Hadoop 3.3.2 with all the incremental changes which went in to the 3.2.4 release

minor CVE fixes in Hadoop source
CVE fixes in dependencies we know of (protobuf unmarshalling leading to DoS, jackson stack overflow,...)
replacement of log4j 1.2.17 to reload4j
node.js update

This is not a release off branch-3.3, it is a fork of 3.3.2 with the changes.

The next release of branch-3.3 will be numbered hadoop-3.3.4; updating maven versions and JIRA fix versions is part of this release process.

The changes here are already in branch 3.2.4; this completes the set

CVEs fixed

CVE-2022-26612: Apache Hadoop: Arbitrary file write in FileUtil#unpackEntries on Windows (~~HADOOP-18155~~)
CVE-2022-25168 Verify FileUtils.unTar() handling of missing .tar files. (~~HADOOP-18136~~)

Attachments

Issue Links

contains

HADOOP-18212 hadoop-client-runtime latest version 3.3.2 has security issues

Resolved

depends upon

HDFS-16422 Fix thread safety of EC decoding during concurrent preads

Resolved

HDFS-16437 ReverseXML processor doesn't accept XML files without the SnapshotDiffSection.

Resolved

HDFS-16507 [SBN read] Avoid purging edit log which is in progress

Resolved

YARN-10720 YARN WebAppProxyServlet should support connection timeout to prevent proxy server from hanging

Resolved

HADOOP-17650 Fails to build using Maven 3.8.1

Resolved

HADOOP-18109 Ensure that default permissions of directories under internal ViewFS directories are the same as directories on target filesystems

Resolved

HADOOP-18160 `org.wildfly.openssl` should not be shaded by Hadoop build

Resolved

HADOOP-18178 Upgrade jackson to 2.13.2 and jackson-databind to 2.13.2.2. CVE-2020-36518

Resolved

HDFS-16428 Source path with storagePolicy cause wrong typeConsumed while rename

Resolved

YARN-11014 YARN incorrectly validates maximum capacity resources on the validation API

Resolved

YARN-11075 Explicitly declare serialVersionUID in LogMutation class

Resolved

HADOOP-17341 Upgrade commons-codec to 1.15

Resolved

HDFS-11041 Unable to unregister FsDatasetState MBean if DataNode is shutdown twice

Resolved

HADOOP-18088 Replace log4j 1.x with reload4j

Resolved

HDFS-16501 Print the exception when reporting a bad block

Resolved

MAPREDUCE-7373 Building MapReduce NativeTask fails on Fedora 34+

Resolved

HADOOP-18214 Update BUILDING.txt

Resolved

HDFS-16355 Improve the description of dfs.block.scanner.volume.bytes.per.second

Resolved

HADOOP-18155 Refactor tests in TestFileUtil

Resolved

HADOOP-18125 Utility to identify git commit / Jira fixVersion discrepancies for RC preparation

Resolved

is blocked by

HADOOP-18202 create-release fails fatal: unsafe repository ('/build/source' is owned by someone else)

Resolved

is related to

HADOOP-18293 Release Hadoop 3.3.4 critical fix update

Resolved

HADOOP-18305 Release Hadoop 3.3.4: minor update of hadoop-3.3.3

Resolved

relates to

HADOOP-18290 Fix some compatibility issues with 3.3.3 release notes

Open

links to

GitHub Pull Request #4164

GitHub Pull Request #4202

GitHub Pull Request #4239

(16 depends upon, 1 is blocked by, 2 is related to, 1 relates to, 3 links to)

Sub-Tasks

create release docker builds failing with network issues retrieving artifacts

Open

Steve Loughran

Activity

People

Assignee:: Steve Loughran

Reporter:: Steve Loughran

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 11/Apr/22 13:42

Updated:: 19/Aug/22 09:56

Resolved:: 18/May/22 13:19

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

2h 10m

Include sub-tasks