
Bump jruby to 9.4.8.0 to fix snakeyaml CVE


Details

    • Incompatible change, Reviewed
      This change brings in JRuby 9.4.x, which targets Ruby 3.1 compatibility instead of the Ruby 2.6 compatibility that 9.3.x had!

      Please ensure to replace all "import" statements with "java_import" in your ruby scripts.

      Also you could try features like colorize and auto complete via hbase shell arguments with the new JRuby. These are disabled by default!
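The release note asks for every bare `import` in existing HBase shell scripts to become `java_import`. As an added example (not HBase project code), here is a small rewrite helper in plain Ruby, run against a constructed sample script; it assumes imports appear as one-line statements, not inside heredocs or multi-line strings.

```ruby
# Added example, not part of the HBase project: rewrites pre-JRuby-9.4
# `import Some.Class` statements to `java_import Some.Class`.
# Pure text processing, so it runs under MRI Ruby as well as JRuby.

# Matches a statement line: optional indent, `import`, whitespace, an optional
# quote, a Java class reference (dotted or Java:: form), the same quote, then
# optional trailing whitespace / comment. Skips `java_import`, comments,
# and `import` appearing inside strings such as puts "import ...".
IMPORT_RE = /\A(\s*)import(\s+)(['"]?)([A-Za-z_][\w.:]*)\3(\s*(?:#.*)?)\z/

# Rewrite one line. Returns [new_line, changed?]; preserves the line ending.
def rewrite_import_line(line)
  m = IMPORT_RE.match(line.chomp)
  return [line, false] unless m
  indent, ws, quote, const, tail = m.captures
  nl = line[/\R?\z/]                     # "\n", "\r\n" or ""
  ["#{indent}java_import#{ws}#{quote}#{const}#{quote}#{tail}#{nl}", true]
end

# Rewrite a whole script. Returns [new_source, [1-based line numbers changed]]
# so a migration can be reviewed before the file is overwritten.
def rewrite_java_imports(src)
  changed = []
  out = src.lines.each_with_index.map do |line, i|
    new_line, hit = rewrite_import_line(line)
    changed << i + 1 if hit
    new_line
  end
  [out.join, changed]
end

# Constructed sample of a pre-9.4 hbase shell script (not from the project).
SAMPLE_SCRIPT = <<~'RUBY'
  # constructed sample script
  require 'java'
  import org.apache.hadoop.hbase.TableName
  import 'org.apache.hadoop.hbase.client.ConnectionFactory'
  import Java::OrgApacheHadoopHbase::HBaseConfiguration  # config
  java_import org.apache.hadoop.hbase.util.Bytes
  puts "import nothing here"
RUBY

if __FILE__ == $PROGRAM_NAME
  rewritten, lines = rewrite_java_imports(SAMPLE_SCRIPT)
  puts "rewrote lines: #{lines.inspect}"   # rewrote lines: [3, 4, 5]
  puts rewritten
end
```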

    Description

      As a follow-up to HBASE-28249, we want to bump to the latest 9.4.x line here.

      This release line drops the critical SnakeYAML CVE (org.yaml:snakeyaml:1.33, affected by CVE-2022-1471) from our classpath via the following change, along with several other bug fixes:

      • The Psych YAML library is updated to 5.1.0. This version switches the JRuby extension to SnakeYAML Engine, avoiding CVEs against the original SnakeYAML and updating YAML compatibility to specification version 1.2. (#6365, #7570, #7626)

      NOTE: JRuby 9.4.x targets Ruby 3.1 compatibility instead of the Ruby 2.6 compatibility that 9.3.x had!


            People

              nihaljain.cs Nihal Jain
