data-platform team mailing list archive

[Enrico Deusebio <mp+477684@xxxxxxxxxxxxxxxxxx>]

Enrico Deusebio has proposed merging soss/+source/charmed-spark:release-3.4.2-ubuntu9 into soss/+source/charmed-spark:lp-3.4.2.

Commit message:







Requested reviews:
  Canonical Data Platform (data-platform)

For more details, see:
https://code.launchpad.net/~data-platform/soss/+source/charmed-spark/+git/charmed-spark/+merge/477684

Bumping hadoop for including newer version of Hadoop that fixes:

- avro (CVE-2024-47561)
- protobuf-java (CVE-2024-7254, CVE-2021-22569, CVE-2021-22570, CVE-2022-3509, CVE-2022-3510, CVE-2024-7254, CVE-2022-3171)
- nimbus-jose-jwt (CVE-2023-52428)
- dnsjava (CVE-2024-25638)
- netty-codec-http, netty-handler (CVE-2024-29025, CVE-2023-34462)


See https://code.launchpad.net/~data-platform/soss/+source/hadoop/+git/hadoop/+merge/476967
-- 
Your team Canonical Data Platform is requested to review the proposed merge of soss/+source/charmed-spark:release-3.4.2-ubuntu9 into soss/+source/charmed-spark:lp-3.4.2.

diff --git a/pom.xml b/pom.xml
index 1b73b6a..6c1a169 100644
--- a/pom.xml
+++ b/pom.xml
@@ -119,7 +119,7 @@
     <slf4j.version>2.0.6</slf4j.version>
     <log4j.version>2.19.0</log4j.version>
     <!-- make sure to update IsolatedClientLoader whenever this version is changed -->
-    <hadoop.version>3.3.6-ubuntu2</hadoop.version>
+    <hadoop.version>3.3.6-ubuntu3</hadoop.version>
     <!-- SPARK-41247: When updating `protobuf.version`, also need to update `protoVersion` in `SparkBuild.scala` -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc-jar-maven-plugin.version>3.11.4</protoc-jar-maven-plugin.version>