Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-18198

Release Hadoop 3.3.3: hadoop-3.3.2 with some fixes

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      Hadoop 3.3.3 is a minor followup release to Hadoop 3.3.2 with all the incremental changes which went in to the 3.2.4 release

      • minor CVE fixes in Hadoop source
      • CVE fixes in dependencies we know of (protobuf unmarshalling leading to DoS, jackson stack overflow,...)
      • replacement of log4j 1.2.17 to reload4j
      • node.js update

      This is not a release off branch-3.3, it is a fork of 3.3.2 with the changes.

      The next release of branch-3.3 will be numbered hadoop-3.3.4; updating maven versions and JIRA fix versions is part of this release process.

      The changes here are already in branch 3.2.4; this completes the set

      CVEs fixed

      • CVE-2022-26612: Apache Hadoop: Arbitrary file write in FileUtil#unpackEntries on Windows (HADOOP-18155)
      • CVE-2022-25168 Verify FileUtils.unTar() handling of missing .tar files. (HADOOP-18136)

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            stevel@apache.org Steve Loughran
            stevel@apache.org Steve Loughran
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 2h 10m
                2h 10m

                Slack

                  Issue deployment