diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml
index 2dfb9276ed6de..a5aaad886c7bf 100644
--- a/gradle/verification-metadata.xml
+++ b/gradle/verification-metadata.xml
@@ -1171,6 +1171,11 @@
+
+
+
+
+
@@ -1221,16 +1226,16 @@
-
-
-
-
-
+
+
+
+
+
@@ -2327,14 +2332,14 @@
-
-
-
+
+
+
-
-
-
+
+
+
@@ -2369,9 +2374,9 @@
-
-
-
+
+
+
diff --git a/plugins/repository-hdfs/build.gradle b/plugins/repository-hdfs/build.gradle
index 741542477e446..92bdc38ddfdb1 100644
--- a/plugins/repository-hdfs/build.gradle
+++ b/plugins/repository-hdfs/build.gradle
@@ -20,7 +20,7 @@ esplugin {
}
versions << [
- 'hadoop': '3.3.3'
+ 'hadoop': '3.4.1'
]
configurations {
@@ -42,9 +42,9 @@ dependencies {
api "com.google.protobuf:protobuf-java:${versions.protobuf}"
api "commons-logging:commons-logging:${versions.commonslogging}"
api "org.apache.logging.log4j:log4j-1.2-api:${versions.log4j}"
- api 'commons-cli:commons-cli:1.2'
+ api 'commons-cli:commons-cli:1.5.0'
api "commons-codec:commons-codec:${versions.commonscodec}"
- api 'commons-io:commons-io:2.8.0'
+ api 'commons-io:commons-io:2.16.1'
api 'org.apache.commons:commons-lang3:3.11'
api 'javax.servlet:javax.servlet-api:3.1.0'
api "org.slf4j:slf4j-api:${versions.slf4j}"
@@ -58,14 +58,14 @@ dependencies {
javaRestTestImplementation project(':test:fixtures:krb5kdc-fixture')
javaRestTestImplementation "org.slf4j:slf4j-api:${versions.slf4j}"
javaRestTestRuntimeOnly "com.google.guava:guava:16.0.1"
- javaRestTestRuntimeOnly "commons-cli:commons-cli:1.2"
+ javaRestTestRuntimeOnly "commons-cli:commons-cli:1.5.0"
javaRestTestRuntimeOnly "org.apache.logging.log4j:log4j-1.2-api:${versions.log4j}"
yamlRestTestCompileOnly(project(':test:fixtures:hdfs-fixture'))
yamlRestTestImplementation project(':test:fixtures:krb5kdc-fixture')
yamlRestTestImplementation "org.slf4j:slf4j-api:${versions.slf4j}"
yamlRestTestRuntimeOnly "com.google.guava:guava:16.0.1"
- yamlRestTestRuntimeOnly "commons-cli:commons-cli:1.2"
+ yamlRestTestRuntimeOnly "commons-cli:commons-cli:1.5.0"
yamlRestTestRuntimeOnly "org.apache.logging.log4j:log4j-1.2-api:${versions.log4j}"
hdfsFixture2 project(path: ':test:fixtures:hdfs-fixture', configuration: 'shadowedHdfs2')
@@ -178,7 +178,6 @@ tasks.named("thirdPartyAudit").configure {
'org.apache.hadoop.thirdparty.com.google.common.hash.LittleEndianByteArray$UnsafeByteArray',
'org.apache.hadoop.thirdparty.com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$1',
'org.apache.hadoop.thirdparty.com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$2',
- 'org.apache.hadoop.thirdparty.com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$3',
'org.apache.hadoop.thirdparty.com.google.common.hash.Striped64',
'org.apache.hadoop.thirdparty.com.google.common.hash.Striped64$1',
'org.apache.hadoop.thirdparty.com.google.common.hash.Striped64$Cell',
@@ -189,6 +188,9 @@ tasks.named("thirdPartyAudit").configure {
'org.apache.hadoop.thirdparty.protobuf.UnsafeUtil',
'org.apache.hadoop.thirdparty.protobuf.UnsafeUtil$1',
'org.apache.hadoop.thirdparty.protobuf.UnsafeUtil$JvmMemoryAccessor',
- 'org.apache.hadoop.thirdparty.protobuf.UnsafeUtil$MemoryAccessor'
+ 'org.apache.hadoop.thirdparty.protobuf.UnsafeUtil$MemoryAccessor',
+ 'org.apache.hadoop.thirdparty.protobuf.MessageSchema',
+ 'org.apache.hadoop.thirdparty.protobuf.UnsafeUtil$Android32MemoryAccessor',
+ 'org.apache.hadoop.thirdparty.protobuf.UnsafeUtil$Android64MemoryAccessor'
)
}
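Review bot: The three entries added at the end of this list (`MessageSchema`, `UnsafeUtil$Android32MemoryAccessor`, `UnsafeUtil$Android64MemoryAccessor`) widen a `thirdPartyAudit` exclusion without recording why they are acceptable. The call that receives the list opens above the hunk, so the check being suppressed is not visible here; going by the neighbouring `UnsafeUtil` entries it is presumably the internal/unsafe API usage list. A short comment above the new lines would help the next upgrade tell deliberate exclusions from stale ones, for example `// shaded protobuf classes pulled in by the hadoop 3.4.1 upgrade`. `MessageSchema` would also sit before the `UnsafeUtil` entries if the list is meant to stay sorted.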
diff --git a/plugins/repository-hdfs/src/main/java/org/elasticsearch/repositories/hdfs/HdfsSecurityContext.java b/plugins/repository-hdfs/src/main/java/org/elasticsearch/repositories/hdfs/HdfsSecurityContext.java
index 98aa9951172ba..ce6acd79a0bb9 100644
--- a/plugins/repository-hdfs/src/main/java/org/elasticsearch/repositories/hdfs/HdfsSecurityContext.java
+++ b/plugins/repository-hdfs/src/main/java/org/elasticsearch/repositories/hdfs/HdfsSecurityContext.java
@@ -47,7 +47,8 @@ class HdfsSecurityContext {
// 2) allow hadoop to add credentials to our Subject
new AuthPermission("modifyPrivateCredentials"),
// 3) RPC Engine requires this for re-establishing pooled connections over the lifetime of the client
- new PrivateCredentialPermission("org.apache.hadoop.security.Credentials * \"*\"", "read") };
+ new PrivateCredentialPermission("org.apache.hadoop.security.Credentials * \"*\"", "read"),
+ new RuntimePermission("getClassLoader") };
// If Security is enabled, we need all the following elevated permissions:
KERBEROS_AUTH_PERMISSIONS = new Permission[] {
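Review bot: `new RuntimePermission("getClassLoader")` is appended to this permission array without the numbered rationale comment that the other visible entries carry (`// 2)`, `// 3)`). This grant widens what code running under the restricted permission set can reach, so the reason belongs next to it. Add a line above it such as `// 4) <Hadoop call path that needs the class loader since the 3.4.1 upgrade>`, filled in with the actual caller. The array begins above the hunk and the Kerberos array only starts on the last line, so it cannot be checked from here whether that second set needs the same permission.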