HADOOP-18079. Upgrade Netty to 4.1.77. #3977
Failed tests don't look related; they don't fail in my local tree.
Thanks @jojochuang for the PR.
I'll merge this PR later today, and then we can start rolling RCs for next 3.3.x and 3.2.x releases.
@jojochuang this PR can be merged?
@jojochuang, can we upgrade to 4.1.75.Final, so that the CVEs from netty-tcnative-classes:jar:2.0.48.Final can also be fixed?
@dmmkr would you share more details? Our use of netty shouldn't depend on tcnative.
Looks like the tc-native ones are false positives only. I suggest we can move to 4.1.75, as some of the downstream (1) have already moved to 4.1.75 like below and it contains good bug fixes (2). Reference:
Ok pushed a change to update to netty 4.1.75.
The test failures do not reproduce in my local tree. I'm triggering a rebuild to double check.
hadoop-project/pom.xml
Looks like netty-transport is given two times: here and #992.
Very good catch. Thanks @brahmareddybattula. Updated.
hadoop-project/pom.xml
Sorry to ask again, looks like 4.1.76 is now also available. Maybe we can raise another jira for this if not with this.
Do these tests which fail go near netty code? That is: are they directly or indirectly related?
A CVE was fixed in 4.1.77 so bump up the version again.
The javac warning is unrelated. It was there before this patch and exists even in trunk.
+1
@jojochuang how far back can we take this, do you think?
Upgrade netty to address CVE-2019-20444, CVE-2019-20445 CVE-2022-24823 Contributed by Wei-Chiu Chuang (cherry picked from commit a55ace7) Change-Id: Idadb5c50329d74daf101829fc573edfa99b4eec9
Upgrade netty to address CVE-2019-20444, CVE-2019-20445 CVE-2022-24823 Contributed by Wei-Chiu Chuang (cherry picked from commit a55ace7) Change-Id: Idadb5c50329d74daf101829fc573edfa99b4eec9 (cherry picked from commit c545341)
Upgrade netty to address CVE-2019-20444, CVE-2019-20445 CVE-2022-24823 Contributed by Wei-Chiu Chuang (cherry picked from commit a55ace7)
Upgrade netty to address CVE-2019-20444, CVE-2019-20445 CVE-2022-24823 Contributed by Wei-Chiu Chuang (cherry picked from commit a55ace7) (cherry picked from commit 0c12873)
Upgrade netty to address CVE-2019-20444, CVE-2019-20445 CVE-2022-24823 Contributed by Wei-Chiu Chuang
…che#4592) Upgrade netty to address CVE-2019-20444, CVE-2019-20445 CVE-2022-24823 Contributed by Wei-Chiu Chuang (cherry picked from commit a55ace7) (cherry picked from commit 0c12873) Change-Id: Id78e33554e8aa93bf7afd183fc533cfdd285b4ea
Upgrade netty to address CVE-2019-20444, CVE-2019-20445 CVE-2022-24823 Contributed by Wei-Chiu Chuang (cherry picked from commit a55ace7) Change-Id: I7cf7025e0f78816f6614531104ae584373cab7da
This list captures the current state of non-upstream changes in our branch that are not in the public repo.

---Changes cherry-picked to branch-3.3.6-dremio from branch-3.3.2-dremio---
The below changes were on branch-3.3.2-dremio and needed to be brought to branch-3.3.6-dremio to prevent regressing scenarios these changes addressed.
HADOOP-18928: S3AFileSystem URL encodes twice where Path has trailing / (proposed)
DX-69726: Bumping okie from 1.6.0 to 3.4.0 (CVE-2023-3635)
DX-69726: Bumping okie from 1.6.0 to 3.4.0 (CVE-2023-3635)
DX-66470: Allow for custom shared key signer for ABFS
DX-66673: Backport HADOOP-18602. Remove netty3 dependency
DX-66673: Backport MAPREDUCE-7434. Fix ShuffleHandler tests. Contributed by Tamas Domok
DX-66673: Backport MAPREDUCE-7431. ShuffleHandler refactor and fix after Netty4 upgrade. (apache#5311)
DX-66673: Backport HADOOP-15327. Upgrade MR ShuffleHandler to use Netty4 apache#3259. Contributed by Szilard Nemeth.
DX-66673: Backport HADOOP-17115. Replace Guava Sets usage by Hadoop's own Sets in hadoop-common and hadoop-tools (apache#2985)
HADOOP-18676. jettison dependency override in hadoop-common lib
DX-52816: Downgrade azure-data-lake-store-sdk to 2.3.3 to support dremio version.
DX-52701: Remove node based module by Naveen Kumar
DX-32012: Adding BatchList Iterator for ListFiles by “ajmeera.nagaraju”
DX-18552: Make file status check optional in S3AFileSystem create()
Add flag to skip native tests by Laurent Goujon
DX-21904: Support S3 requester-pays headers by Brandon Huang
DX-21471: Fix checking of use of OAuth credentials with AzureNativeFileSystem
DX-19314: make new kms format configurable
DX-17058 Add FileSystem to META-INF/services
DX-17317 Fix incorrect parameter passed into AzureADAuthenticator-getTokenUsingClientCreds by TiffanyLam
DX-17276 Azure AD support for StorageV1 by James Duong
DX-17276 Add Azure AD support in Dremio's hadoop-azure library for Storage V1 support
unwraps BindException in HttpServer2

---Changes picked up by moving to 3.3.6---
The below changes were changes on branch-3.3.2-dremio that did not need to come to branch-3.3.6-dremio as the public 3.3.6 branch contained the fixes already.
DX-67500: Backport HADOOP-18136. Verify FileUtils.unTar() handling of missing .tar files.
DX-66673: Backport HADOOP-18079. Upgrade Netty to 4.1.77. (apache#3977)
DX-66673: Backport HADOOP-11245. Update NFS gateway to use Netty4 (apache#2832) (apache#4997)
DX-64051: Bump jettison from 1.1 to 1.5.4 in hadoop/branch-3.3.2-dremio
DX-64051: Bump jettison from 1.1 to 1.5.4 in hadoop/branch-3.3.2-dremio
DX-63800 Bump commons-net from 3.6 to 3.9.0 to address CVE-2021-37533
DX-27168: removing org.codehaus.jackson

Change-Id: I6cdb968e33826105caff96e1c3d2c6313a550689
Output of mvn dependency:tree after the change: