
HADOOP-19585. Upgrade commons-beanutils to 1.11.0 due to CVE-2025-48734. #7743


Status: Open. Wants to merge 1 commit into base branch-3.4.0.

Conversation

@fuchaohong (Contributor) commented Jun 17, 2025

JIRA: HADOOP-19585. Upgrade commons-beanutils to 1.11.0 due to CVE-2025-48734.

Upgrade commons-beanutils to 1.11.0 due to CVE-2025-48734.
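A property bump in hadoop-project's pom only fixes the copy Maven resolves through that property; a transitive dependency can still pin an older commons-beanutils. The check below is an added example, not Hadoop project code: it reads `mvn dependency:tree` output and fails when any resolved commons-beanutils artifact is older than 1.11.0, the version this PR upgrades to for CVE-2025-48734. The sample tree, the `org.example` coordinates and the `-Dincludes` invocation in the usage comment are assumptions for illustration; the version comparison is numeric so that 1.9.4 is correctly ranked below 1.11.0.

```shell
#!/bin/sh
# Added example (not Hadoop project code): after bumping the commons-beanutils version in
# hadoop-project's pom, confirm that every commons-beanutils artifact Maven actually
# resolves is at or above 1.11.0, the version the PR upgrades to for CVE-2025-48734.
# A transitive dependency can still pin an older copy, which a property bump alone
# does not catch.

# Minimum acceptable version (the version this PR moves to).
MIN_BEANUTILS_VERSION="1.11.0"

# Constructed sample of `mvn dependency:tree` output, not captured from a real Hadoop
# build. One stale transitive copy (1.9.4) is included so the check has something to flag.
SAMPLE_TREE='[INFO] org.example:app:jar:1.0
[INFO] +- commons-beanutils:commons-beanutils:jar:1.11.0:compile
[INFO] |  \- commons-logging:commons-logging:jar:1.3.0:compile
[INFO] \- org.example:legacy-plugin:jar:2.0:compile
[INFO]    \- commons-beanutils:commons-beanutils:jar:1.9.4:compile'

# Read a dependency tree on stdin and print every commons-beanutils version older than $1.
# Exit status is 1 if anything was printed, 0 otherwise.
beanutils_below() {
  awk -v min="$1" '
    # Compare dotted versions numerically, component by component (up to three parts),
    # so that 1.9.4 < 1.11.0 (a plain string compare would get this wrong).
    function vcmp(a, b,   pa, pb, na, nb, i, x, y) {
      na = split(a, pa, "."); nb = split(b, pb, ".")
      for (i = 1; i <= 3; i++) {
        x = (i <= na) ? pa[i] + 0 : 0
        y = (i <= nb) ? pb[i] + 0 : 0
        if (x != y) return (x < y) ? -1 : 1
      }
      return 0
    }
    # Maven coordinates in the tree look like groupId:artifactId:type:version:scope;
    # pick out the version field of every commons-beanutils entry.
    match($0, /commons-beanutils:commons-beanutils:[^:]+:[^:]+/) {
      coord = substr($0, RSTART, RLENGTH)
      n = split(coord, f, ":")
      ver = f[n]
      if (vcmp(ver, min) < 0) { print ver; bad = 1 }
    }
    END { exit bad ? 1 : 0 }'
}

# Fail (return 1) when the tree on stdin still resolves a stale commons-beanutils.
check_tree() {
  offending=$(beanutils_below "$MIN_BEANUTILS_VERSION")
  if [ -n "$offending" ]; then
    echo "commons-beanutils older than $MIN_BEANUTILS_VERSION still resolved: $offending" >&2
    return 1
  fi
  return 0
}

# Real usage from the project root (filters the tree to the one artifact):
#   mvn -q dependency:tree -Dincludes=commons-beanutils | check_tree
# Demonstration on the constructed sample, which is flagged because of 1.9.4:
if printf '%s\n' "$SAMPLE_TREE" | check_tree; then
  echo "tree is clean"
else
  echo "tree needs attention"
fi
```

Run it against the real tree rather than the sample to answer the Yetus test4tests question about manual verification: a clean exit means no module still pulls a pre-1.11.0 commons-beanutils.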

@slfan1989 (Contributor) commented:

@pjfanning Could you help review this PR? Thank you very much!

@pjfanning (Contributor) left a comment:

lgtm - pending CI build

@steveloughran (Contributor) left a comment:

+1 pending a successful Yetus build for this branch and 3.4

@dongjoon-hyun (Member) left a comment:

+1, LGTM.

@hadoop-yetus commented:

💔 -1 overall

| Vote | Subsystem | Runtime | Logfile | Comment |
|:----:|----------:|--------:|--------:|:--------|
| +0 🆗 | reexec | 17m 3s | | Docker mode activated. |
| | _ Prechecks _ | | | |
| +1 💚 | dupname | 0m 0s | | No case conflicting files found. |
| +0 🆗 | codespell | 0m 0s | | codespell was not available. |
| +0 🆗 | detsecrets | 0m 0s | | detect-secrets was not available. |
| +0 🆗 | xmllint | 0m 0s | | xmllint was not available. |
| +0 🆗 | shelldocs | 0m 0s | | Shelldocs was not available. |
| +1 💚 | @author | 0m 0s | | The patch does not contain any @author tags. |
| -1 ❌ | test4tests | 0m 0s | | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
| | _ branch-3.4.0 Compile Tests _ | | | |
| +0 🆗 | mvndep | 14m 10s | | Maven dependency ordering for branch |
| +1 💚 | mvninstall | 31m 34s | | branch-3.4.0 passed |
| +1 💚 | compile | 16m 50s | | branch-3.4.0 passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04 |
| +1 💚 | compile | 15m 15s | | branch-3.4.0 passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09 |
| +1 💚 | mvnsite | 19m 21s | | branch-3.4.0 passed |
| +1 💚 | javadoc | 8m 19s | | branch-3.4.0 passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04 |
| +1 💚 | javadoc | 7m 29s | | branch-3.4.0 passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09 |
| +1 💚 | shadedclient | 47m 45s | | branch has no errors when building and testing our client artifacts. |
| | _ Patch Compile Tests _ | | | |
| +0 🆗 | mvndep | 0m 35s | | Maven dependency ordering for patch |
| +1 💚 | mvninstall | 29m 15s | | the patch passed |
| +1 💚 | compile | 16m 19s | | the patch passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04 |
| +1 💚 | javac | 16m 19s | | the patch passed |
| +1 💚 | compile | 15m 23s | | the patch passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09 |
| +1 💚 | javac | 15m 23s | | the patch passed |
| +1 💚 | blanks | 0m 0s | | The patch has no blanks issues. |
| +1 💚 | mvnsite | 16m 12s | | the patch passed |
| +1 💚 | shellcheck | 0m 1s | | No new issues. |
| +1 💚 | javadoc | 8m 3s | | the patch passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04 |
| +1 💚 | javadoc | 7m 28s | | the patch passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09 |
| +1 💚 | shadedclient | 48m 24s | | patch has no errors when building and testing our client artifacts. |
| | _ Other Tests _ | | | |
| -1 ❌ | unit | 434m 51s | /patch-unit-root.txt | root in the patch failed. |
| +1 💚 | asflicense | 0m 40s | | The patch does not generate ASF License warnings. |
| | | 726m 58s | | |

| Reason | Tests |
|--------|-------|
| Failed junit tests | hadoop.hdfs.protocol.TestBlockListAsLongs |
| | hadoop.hdfs.server.datanode.TestLargeBlockReport |
| | hadoop.yarn.server.federation.store.records.TestFederationProtocolRecords |
| | hadoop.yarn.server.nodemanager.containermanager.logaggregation.TestLogAggregationService |
| | hadoop.yarn.server.resourcemanager.TestRMRestart |

| Subsystem | Report/Notes |
|-----------|--------------|
| Docker | ClientAPI=1.50 ServerAPI=1.50 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7743/1/artifact/out/Dockerfile |
| GITHUB PR | #7743 |
| Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint shellcheck shelldocs |
| uname | Linux 0c893c67b18f 5.15.0-136-generic #147-Ubuntu SMP Sat Mar 15 15:53:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/bin/hadoop.sh |
| git revision | branch-3.4.0 / f7baabc |
| Default Java | Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09 |
| Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09 |
| Test Results | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7743/1/testReport/ |
| Max. process+thread count | 3152 (vs. ulimit of 5500) |
| modules | C: hadoop-project . U: . |
| Console output | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7743/1/console |
| versions | git=2.25.1 maven=3.6.3 shellcheck=0.7.0 |
| Powered by | Apache Yetus 0.14.0 https://yetus.apache.org |

This message was automatically generated.

@slfan1989 (Contributor) commented Jun 18, 2025

@fuchaohong Thank you for your contribution! The unit test issue was not caused by this PR.

hadoop.yarn.server.federation.store.records.TestFederationProtocolRecords

This issue has been fixed in YARN-11822. I will backport this PR to branch-3.4.

hadoop.yarn.server.nodemanager.containermanager.logaggregation.TestLogAggregationService
hadoop.yarn.server.resourcemanager.TestRMRestart

java.lang.OutOfMemoryError: unable to create new native thread.

The failure is due to an inability to create a new thread. In most cases, rebuilding will succeed upon retry.

However, the target branch of this PR seems incorrect. We should submit the code to branch-3.4 instead of branch-3.4.0, as branch-3.4.0 is no longer updated after the last release.

cc: @steveloughran @pjfanning @dongjoon-hyun

6 participants