HIVE-26829: Upgrade avro to 1.11.0 #3878

Closed
wants to merge 1 commit into from

Aggarwal-Raghav
Contributor

What changes were proposed in this pull request?

To upgrade avro version to 1.11.0

Why are the changes needed?

To address the CVE-2021-43045

Does this PR introduce any user-facing change?

No

How was this patch tested?

On local machine

@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

No Coverage information
No Duplication information

Contributor

@cnauroth cnauroth left a comment

+1 (non-binding)

I applied the patch locally. I confirmed the new Avro version in mvn dependency:tree. I ran a full build with -Pdist -Piceberg and confirmed that the new version was getting bundled in the distro.

Thank you for the patch, @Aggarwal-Raghav.
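The bundling check described in the review above can be scripted. The following is an added example, not code from this pull request or from the Hive project: it scans an unpacked distribution for `avro*.jar` files older than a minimum version. It assumes GNU `sort -V`; the directory layout and jar names are constructed sample data.

```shell
#!/bin/sh
# Added example: flag Avro jars below a minimum version in an unpacked distro.

# version_lt A B: succeeds when A is strictly older than B.
# A plain string comparison would rank 1.11.0 before 1.8.2; sort -V does not.
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# stale_avro_jars DIR MIN: prints "path version" for each avro*.jar below MIN.
stale_avro_jars() {
  find "$1" -type f -name 'avro*.jar' | sort | while IFS= read -r jar; do
    base=$(basename "$jar" .jar)
    # avro-mapred-1.8.2-hadoop2 -> 1.8.2 (a trailing classifier is ignored)
    ver=$(printf '%s\n' "$base" |
      sed -n 's/^avro[a-z-]*-\([0-9][0-9.]*\).*$/\1/p')
    [ -n "$ver" ] || continue
    if version_lt "$ver" "$2"; then printf '%s %s\n' "$jar" "$ver"; fi
  done
}

# Constructed sample tree: one upgraded jar and two stale ones.
make_sample_distro() {
  d=$(mktemp -d)
  mkdir -p "$d/lib" "$d/tools/lib"
  : > "$d/lib/avro-1.11.0.jar"
  : > "$d/lib/avro-mapred-1.8.2-hadoop2.jar"
  : > "$d/tools/lib/avro-1.8.2.jar"
  printf '%s\n' "$d"
}

sample=$(make_sample_distro)
stale_avro_jars "$sample" 1.11.0
rm -rf "$sample"
```

A file-name scan does not see Avro classes repackaged inside an uber jar, so it complements `mvn dependency:tree` rather than replacing it.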

@Aggarwal-Raghav
Contributor Author

How I tested this:
When on avro 1.8.2: Created an avro table and inserted some data into it.

Replaced avro jars with 1.11.0: Restarted the services and was able to read and insert data into the previously created avro table.

@brahmareddybattula

@Aggarwal-Raghav thanks for reporting and working on this.

@cnauroth / @Aggarwal-Raghav, I have one query.
How compatible is this with 1.9.2? Did we already check the Hadoop change, hence we removed the classifier?
We need to check with Hadoop, as Hadoop move to thirdparty:
apache/hadoop-thirdparty#21?

@cnauroth
Contributor

cnauroth commented Dec 27, 2022

Hello @brahmareddybattula. I reviewed Avro release notes between 1.9.2 and 1.11.0. I didn't find any mention of backward-incompatible changes, though I don't know if that's a definitive answer.

Hadoop noticed a potential incompatibility in the upgrade from 1.8.2 to 1.9.0, documented in HADOOP-13386. I'm wondering if the testing mentioned by @Aggarwal-Raghav is sufficient to show the upgrade is safe?

While researching, I noticed that Avro has released 1.11.1, so if we can confirm the upgrade is safe, then perhaps we want to jump to that.

I wasn't clear on what we should check with Hadoop, but if you want to start a conversation on the Hadoop dev list or tag other Hadoop contributors here, please do so.

@zabetak zabetak closed this in 4784df9 Feb 24, 2023
InvisibleProgrammer pushed a commit to InvisibleProgrammer/hive that referenced this pull request Feb 28, 2023
…axena, Stamatis Zampetakis, Chris Nauroth)

Co-authored-by: Raghav Aggarwal <raghavaggarwal03.ra@gmail.com>

Closes apache#3878
Closes apache#4012
kasakrisz pushed a commit to kasakrisz/hive that referenced this pull request May 4, 2023
yeahyung pushed a commit to yeahyung/hive that referenced this pull request Jul 20, 2023
tarak271 pushed a commit to tarak271/hive-1 that referenced this pull request Dec 19, 2023
@Aggarwal-Raghav Aggarwal-Raghav deleted the avro-update branch October 10, 2024 14:45