HADOOP-18354: Upgrade reload4j to 1.22.2 due to XXE vulnerability #4607
💔 -1 overall
This message was automatically generated.
LGTM.
Can you check whether the test failures are related or not? The top 3 I know aren't.
Will commit post that, if no objections
@ayushtkn in my local testing, I haven't seen the test failures that appeared in the CI build.
💔 -1 overall
This message was automatically generated.
The test failures changed in both builds apart from the RBF one, which I have fixed now, so I went ahead and merged. Side note: @pjfanning regarding the commit message, in Hadoop we aren't using a colon to separate the Jira ID and the text. It is a '.' (period) here. So I changed ':' to '.' while merging.
…ache#4607). Contributed by PJ Fanning. Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
…rability (apache#4607). Contributed by PJ Fanning. Signed-off-by: Ayush Saxena <ayushsaxena@apache.org> (cherry picked from commit 36cb8a6) Change-Id: Id61110441b273dbbec0ed3459c8f7eab4056ed7c
…ache#4607). Contributed by PJ Fanning. Change-Id: Ic77cf8ea0f36f43a4e7d46b7e866121581d3483e Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
Co-authored-by: Wei-Chiu Chuang <weichiu@apache.org> Includes HADOOP-18354. Upgrade reload4j to 1.22.2 due to XXE vulnerability (#4607). Log4j 1.2.17 has been replaced by reload4j 1.22.2. SLF4J is at 1.7.36.
Co-authored-by: Wei-Chiu Chuang <weichiu@apache.org> Includes HADOOP-18354. Upgrade reload4j to 1.22.2 due to XXE vulnerability (#4607). Log4j 1.2.17 has been replaced by reload4j 1.22.2. SLF4J is at 1.7.36. (cherry picked from commit 095dfcc)
Description of PR
XXE issue in reload4j (probably not very exploitable)
How was this patch tested?
For code changes:
LICENSE, LICENSE-binary, NOTICE-binary files?