From 9663edc34578d253104db7433d0fe641aa105882 Mon Sep 17 00:00:00 2001 From: Shubham Kalloli Date: Fri, 23 Jan 2026 11:44:49 +0000 Subject: [PATCH 1/3] HADOOP-19791: Upgraded GCS to remediate CVE-2025-55163 Signed-off-by: Shubham Kalloli --- hadoop-cloud-storage-project/hadoop-gcp/pom.xml | 4 ++-- hadoop-project/pom.xml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/hadoop-cloud-storage-project/hadoop-gcp/pom.xml b/hadoop-cloud-storage-project/hadoop-gcp/pom.xml index ab2db7c729e92..d8b757693304b 100644 --- a/hadoop-cloud-storage-project/hadoop-gcp/pom.xml +++ b/hadoop-cloud-storage-project/hadoop-gcp/pom.xml @@ -462,12 +462,12 @@ com.google.guava guava - 33.4.0-jre + 33.5.0-jre com.google.protobuf protobuf-java - 3.25.5 + 3.25.8 diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml index d902fd489edca..e9fd5a62c0c30 100644 --- a/hadoop-project/pom.xml +++ b/hadoop-project/pom.xml @@ -2209,7 +2209,7 @@ com.google.cloud google-cloud-storage - 2.52.0 + 2.62.0 From 4c48d57b63e4fc91a3f18342a363b43c0849958f Mon Sep 17 00:00:00 2001 From: Shubham Kalloli Date: Fri, 23 Jan 2026 11:52:20 +0000 Subject: [PATCH 2/3] Upgraded LICENSE-binary with the new versions Signed-off-by: Shubham Kalloli --- LICENSE-binary | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/LICENSE-binary b/LICENSE-binary index 02b50334ca565..db13f39cdc79a 100644 --- a/LICENSE-binary +++ b/LICENSE-binary @@ -240,10 +240,10 @@ com.google.api-client:google-api-client:2.7.2 com.google.api:gax:2.64.2 com.google.api:gax-grpc:2.64.2 com.google.api:gax-httpjson:2.64.2 -com.google.api.grpc:gapic-google-cloud-storage-v2:2.52.0 -com.google.api.grpc:grpc-google-cloud-storage-v2:2.52.0 +com.google.api.grpc:gapic-google-cloud-storage-v2:2.62.0 +com.google.api.grpc:grpc-google-cloud-storage-v2:2.62.0 com.google.api.grpc:proto-google-cloud-monitoring-v3:3.52.0 -com.google.api.grpc:proto-google-cloud-storage-v2:2.52.0 +com.google.api.grpc:proto-google-cloud-storage-v2:2.62.0 com.google.api.grpc:proto-google-common-protos:2.55.2 com.google.api.grpc:proto-google-iam-v1:1.50.2 com.google.apis:google-api-services-storage:v1-rev20250420-2.0.0 @@ -264,6 +264,7 @@ com.google.json-simple:json-simple:1.1.1 com.google.guava:failureaccess:1.0 com.google.guava:failureaccess:1.0.2 com.google.guava:guava:33.4.8-jre +com.google.guava:guava:33.5.0-jre com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava com.google.http-client:google-http-client-apache-v2:1.46.3 com.google.http-client:google-http-client-appengine:1.46.3 @@ -300,7 +301,7 @@ io.grpc:grpc-googleapis:1.70.0 io.grpc:grpc-grpclb:1.70.0 io.grpc:grpc-inprocess:1.70.0 io.grpc:grpc-netty:1.69.0 -io.grpc:grpc-netty-shaded:1.70.0 +io.grpc:grpc-netty-shaded:1.76.2 io.grpc:grpc-opentelemetry:1.70.0 io.grpc:grpc-protobuf:1.69.0 io.grpc:grpc-protobuf:1.70.0 @@ -472,7 +473,7 @@ leveldb v1.13 com.google.auth:google-auth-library-credentials:1.33.1 com.google.auth:google-auth-library-oauth2-http:1.33.1 com.google.protobuf:protobuf-java:2.5.0 -com.google.protobuf:protobuf-java:3.25.5 +com.google.protobuf:protobuf-java:3.25.8 com.google.re2j:re2j:1.1 com.jcraft:jsch:0.1.55 com.thoughtworks.paranamer:paranamer:2.3 From d8a0610ad276dcfe55c1e592e03a22760622670f Mon Sep 17 00:00:00 2001 From: Shubham Kalloli Date: Fri, 23 Jan 2026 16:59:28 +0000 Subject: [PATCH 3/3] HADOOP-19719: Updated License-binary Signed-off-by: Shubham Kalloli --- LICENSE-binary | 1 + 1 file changed, 1 insertion(+) diff --git a/LICENSE-binary b/LICENSE-binary index db13f39cdc79a..8871f79acb91f 100644 --- a/LICENSE-binary +++ b/LICENSE-binary @@ -473,6 +473,7 @@ leveldb v1.13 com.google.auth:google-auth-library-credentials:1.33.1 com.google.auth:google-auth-library-oauth2-http:1.33.1 com.google.protobuf:protobuf-java:2.5.0 +com.google.protobuf:protobuf-java:3.25.5 com.google.protobuf:protobuf-java:3.25.8 com.google.re2j:re2j:1.1 com.jcraft:jsch:0.1.55