Merge pull request #1547 from soagarwal1/PPP-5541

[PPP-5541] - Vulnerable Component: jackson-databind within htrace-core-3.1.0-incubating.jar
pentaho · Jan 21, 2025 · a253040 · a253040
2 parents d14b763 + ae620b3
commit a253040
Show file tree

Hide file tree

Showing 8 changed files with 38 additions and 11 deletions.
diff --git a/shims/cdpdc71/driver/pom.xml b/shims/cdpdc71/driver/pom.xml
@@ -20,7 +20,7 @@
     <org.apache.orc.version>1.5.1.7.1.4.0-203</org.apache.orc.version>
     <parquet.version>1.10.99.7.1.4.0-203</parquet.version>
     <org.apache.hadoop.version>3.1.1.7.1.9.0-387</org.apache.hadoop.version>
-    <org.apache.hbase.version>2.2.3.7.1.4.0-203</org.apache.hbase.version>
+    <org.apache.hbase.version>2.4.17.7.1.9.0-387</org.apache.hbase.version>
     <org.apache.hive.version>3.1.3000.7.1.4.0-203</org.apache.hive.version>
     <org.apache.oozie.version>5.1.0.7.1.4.0-203</org.apache.oozie.version>
     <pig.version>0.16.0.7.1.4.0-203</pig.version>

diff --git a/shims/dataproc1421/driver/pom.xml b/shims/dataproc1421/driver/pom.xml
@@ -406,6 +406,10 @@
           <groupId>org.slf4j</groupId>
           <artifactId>slf4j-api</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.apache.htrace</groupId>
+          <artifactId>htrace-core4</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
@@ -417,6 +421,10 @@
           <groupId>org.slf4j</groupId>
           <artifactId>slf4j-api</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.apache.htrace</groupId>
+          <artifactId>htrace-core4</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
@@ -439,6 +447,10 @@
           <groupId>org.slf4j</groupId>
           <artifactId>slf4j-api</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.apache.htrace</groupId>
+          <artifactId>htrace-core4</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
@@ -473,6 +485,10 @@
           <groupId>org.eclipse.jetty</groupId>
           <artifactId>*</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.apache.htrace</groupId>
+          <artifactId>htrace-core4</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>

diff --git a/shims/dataproc1421/driver/src/main/java/org/pentaho/hadoop/shim/HadoopShim.java b/shims/dataproc1421/driver/src/main/java/org/pentaho/hadoop/shim/HadoopShim.java
@@ -29,7 +29,6 @@
 import org.apache.hbase.thirdparty.com.google.common.collect.Lists;
 import org.apache.hbase.thirdparty.com.google.protobuf.UnsafeByteOperations;
 import org.apache.hbase.thirdparty.io.netty.channel.Channel;
-import org.apache.htrace.core.Tracer;
 import org.apache.zookeeper.ZooKeeper;
 import org.pentaho.hadoop.shim.api.internal.Configuration;
 import org.pentaho.hadoop.shim.api.internal.mapred.RunningJob;
@@ -55,7 +54,7 @@ public Class[] getHbaseDependencyClasses() {
       org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.class, Put.class,
       RpcServer.class, CompatibilityFactory.class, JobUtil.class, TableMapper.class, FastLongHistogram.class,
       Snapshot.class, ZooKeeper.class, Channel.class, Message.class, UnsafeByteOperations.class, Lists.class,
-      Tracer.class, MetricRegistry.class, ArrayUtils.class, ObjectMapper.class, Versioned.class, JsonView.class,
+      MetricRegistry.class, ArrayUtils.class, ObjectMapper.class, Versioned.class, JsonView.class,
       ZKWatcher.class
     };
   }

diff --git a/shims/dataproc1421/pmr/assembly.xml b/shims/dataproc1421/pmr/assembly.xml
@@ -20,7 +20,6 @@
         <include>org.apache.hbase:hbase-protocol-shaded</include>
         <include>org.apache.hbase:hbase-server</include>
         <include>org.apache.hbase:hbase-thrift</include>
-        <include>org.apache.htrace:htrace-core</include>
         <include>com.codahale.metrics:metrics-core</include>
         <include>org.apache.zookeeper:zookeeper</include>
         <include>org.apache.hbase.thirdparty:hbase-shaded-miscellaneous</include>

diff --git a/shims/dataproc1421/pom.xml b/shims/dataproc1421/pom.xml
@@ -33,13 +33,12 @@
 
     <!-- pmr folder -->
     <org.apache.hbase-prefix-tree.version>2.0.0-alpha4</org.apache.hbase-prefix-tree.version>
-    <htrace-core.version>2.04</htrace-core.version>
     <protobuf-java.version>2.5.0</protobuf-java.version>
     <commons-configuration.version>1.6</commons-configuration.version>
     <commons-configuration2.version>2.10.1</commons-configuration2.version>
     <geronimo-servlet_3.0_spec.version>1.0</geronimo-servlet_3.0_spec.version>
     <org.apache.hive.version>2.3.6</org.apache.hive.version>
-    <org.apache.hadoop.version>2.9.2</org.apache.hadoop.version>
+    <org.apache.hadoop.version>3.4.1</org.apache.hadoop.version>
     <org.apache.orc.version>1.3.4</org.apache.orc.version>
     <parquet.version>1.10.1</parquet.version>
     <org.antlr.version>3.5.2</org.antlr.version>

diff --git a/shims/hdi40/driver/pom.xml b/shims/hdi40/driver/pom.xml
@@ -18,8 +18,8 @@
     <org.apache.avro.version>1.12.0</org.apache.avro.version>
     <org.apache.orc.version>1.5.1.7.1.4.0-203</org.apache.orc.version>
     <parquet.version>1.10.99.7.1.4.0-203</parquet.version>
-    <org.apache.hadoop.version>3.1.1.7.1.4.0-203</org.apache.hadoop.version>
-    <org.apache.hbase.version>2.2.3.7.1.4.0-203</org.apache.hbase.version>
+    <org.apache.hadoop.version>3.1.1.7.1.9.0-387</org.apache.hadoop.version>
+    <org.apache.hbase.version>2.4.17.7.1.9.0-387</org.apache.hbase.version>
     <org.apache.hive.version>3.1.3000.7.1.4.0-203</org.apache.hive.version>
     <org.apache.oozie.version>5.1.0.7.1.4.0-203</org.apache.oozie.version>
     <pig.version>0.16.0.7.1.4.0-203</pig.version>
@@ -269,6 +269,10 @@
           <groupId>org.apache.hive</groupId>
           <artifactId>hive-exec</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.apache.htrace</groupId>
+          <artifactId>htrace-core4</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <!-- Needed since we excluded it from hive-service to address io.airlift transitive security issue  -->
@@ -450,6 +454,10 @@
           <groupId>org.slf4j</groupId>
           <artifactId>slf4j-api</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.apache.htrace</groupId>
+          <artifactId>htrace-core4</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
@@ -461,6 +469,10 @@
           <groupId>org.slf4j</groupId>
           <artifactId>slf4j-api</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.apache.htrace</groupId>
+          <artifactId>htrace-core4</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
@@ -513,6 +525,10 @@
           <groupId>org.slf4j</groupId>
           <artifactId>slf4j-api</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.apache.htrace</groupId>
+          <artifactId>htrace-core4</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>

diff --git a/shims/hdi40/driver/src/main/java/org/pentaho/hadoop/shim/HadoopShim.java b/shims/hdi40/driver/src/main/java/org/pentaho/hadoop/shim/HadoopShim.java
@@ -32,7 +32,6 @@
 import org.apache.hbase.thirdparty.com.google.common.collect.Lists;
 import org.apache.hbase.thirdparty.com.google.protobuf.UnsafeByteOperations;
 import org.apache.hbase.thirdparty.io.netty.channel.Channel;
-import org.apache.htrace.core.Tracer;
 import org.apache.zookeeper.ZooKeeper;
 import org.pentaho.hadoop.shim.common.HadoopShimImpl;
 
@@ -42,7 +41,7 @@ public Class[] getHbaseDependencyClasses() {
     return new Class[]{
       HConstants.class, ClientProtos.class, ClientProtos.class, Put.class, RpcServer.class, CompatibilityFactory.class,
       JobUtil.class, TableMapper.class, FastLongHistogram.class, Snapshot.class,
-      ZooKeeper.class, Channel.class, Message.class, UnsafeByteOperations.class, Lists.class, Tracer.class,
+      ZooKeeper.class, Channel.class, Message.class, UnsafeByteOperations.class, Lists.class,
       MetricRegistry.class, ArrayUtils.class, ObjectMapper.class, Versioned.class,
       JsonView.class, ZKWatcher.class, CacheLoader.class };
   }

diff --git a/shims/hdi40/pmr/assembly.xml b/shims/hdi40/pmr/assembly.xml
@@ -20,7 +20,6 @@
         <include>org.apache.hbase:hbase-protocol-shaded</include>
         <include>org.apache.hbase:hbase-server</include>
         <include>org.apache.hbase:hbase-thrift</include>
-        <include>org.apache.htrace:htrace-core</include>
         <include>com.codahale.metrics:metrics-core</include>
         <include>org.apache.zookeeper:zookeeper</include>
         <include>org.apache.hbase.thirdparty:hbase-shaded-miscellaneous</include>