HADOOP-19578: Upgrade esdk-obs-java to resolve CVE-2023-3635

[YanivKunda]

Description of PR

Upgrade esdk-obs-java (in hadoop-huaweicloud) to resolve CVE-2023-3635

How was this patch tested?

Ran existing tests.

For code changes:

• Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
• Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
• If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
• If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	21m 12s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+0 🆗	xmllint	0m 0s		xmllint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s		The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
			_ trunk Compile Tests _
+1 💚	mvninstall	35m 40s		trunk passed
+1 💚	compile	0m 29s		trunk passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	compile	0m 28s		trunk passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	mvnsite	0m 33s		trunk passed
+1 💚	javadoc	0m 34s		trunk passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	0m 28s		trunk passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	shadedclient	71m 56s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
-1 ❌	mvninstall	0m 24s	/patch-mvninstall-hadoop-cloud-storage-project_hadoop-huaweicloud.txt	hadoop-huaweicloud in the patch failed.
+1 💚	compile	0m 19s		the patch passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javac	0m 19s		the patch passed
+1 💚	compile	0m 19s		the patch passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	javac	0m 19s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	mvnsite	0m 21s		the patch passed
+1 💚	javadoc	0m 20s		the patch passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	0m 19s		the patch passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	shadedclient	34m 59s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	0m 24s		hadoop-huaweicloud in the patch passed.
+1 💚	asflicense	0m 37s		The patch does not generate ASF License warnings.
		132m 1s

Subsystem	Report/Notes
Docker	ClientAPI=1.49 ServerAPI=1.49 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7707/1/artifact/out/Dockerfile
GITHUB PR	#7707
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint
uname	Linux 75c9a3d9b31f 5.15.0-136-generic #147-Ubuntu SMP Sat Mar 15 15:53:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / c3f593b
Default Java	Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7707/1/testReport/
Max. process+thread count	557 (vs. ulimit of 5500)
modules	C: hadoop-cloud-storage-project/hadoop-huaweicloud U: hadoop-cloud-storage-project/hadoop-huaweicloud
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7707/1/console
versions	git=2.25.1 maven=3.6.3
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

[slfan1989]

https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7707/1/artifact/out/patch-mvninstall-hadoop-cloud-storage-project_hadoop-huaweicloud.txt

[ERROR] Dependency convergence error for com.squareup.okio:okio:jar:3.6.0 paths to dependency are:
[ERROR] +-org.apache.hadoop:hadoop-huaweicloud:jar:3.5.0-SNAPSHOT
[ERROR] +-com.huaweicloud:esdk-obs-java:jar:3.25.4:compile
[ERROR] +-com.squareup.okhttp3:okhttp:jar:4.12.0:compile
[ERROR] +-com.squareup.okio:okio:jar:3.6.0:compile
[ERROR] and
[ERROR] +-org.apache.hadoop:hadoop-huaweicloud:jar:3.5.0-SNAPSHOT
[ERROR] +-com.huaweicloud:esdk-obs-java:jar:3.25.4:compile
[ERROR] +-com.squareup.okio:okio:jar:3.8.0:compile

We need to resolve this compilation error.

[YanivKunda]

@slfan1989 this is an internal dependency "issue" with the esdk-obj-java library -
It uses OkHttp 4.12.0 which declares OkIo 3.6.0,
But it also uses OkIo 3.8.0 directly, overriding OkHttp's version of choice.
If this discrepancy is contained within a single (and external) part of the dependency tree, can this warning be suppressed?

[steveloughran]

the pom dependency declarations will need to explicitly exclude the 3.6 versoin; look for the many other uses of to see this in use

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	20m 57s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+0 🆗	xmllint	0m 0s		xmllint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s		The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
			_ trunk Compile Tests _
+1 💚	mvninstall	37m 22s		trunk passed
+1 💚	compile	0m 29s		trunk passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	compile	0m 28s		trunk passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	mvnsite	0m 33s		trunk passed
+1 💚	javadoc	0m 35s		trunk passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	0m 27s		trunk passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	shadedclient	74m 50s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	0m 24s		the patch passed
+1 💚	compile	0m 20s		the patch passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javac	0m 20s		the patch passed
+1 💚	compile	0m 19s		the patch passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	javac	0m 19s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	mvnsite	0m 22s		the patch passed
+1 💚	javadoc	0m 20s		the patch passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	0m 19s		the patch passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	shadedclient	35m 52s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	0m 23s		hadoop-huaweicloud in the patch passed.
+1 💚	asflicense	0m 38s		The patch does not generate ASF License warnings.
		135m 32s

Subsystem	Report/Notes
Docker	ClientAPI=1.51 ServerAPI=1.51 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7707/3/artifact/out/Dockerfile
GITHUB PR	#7707
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint
uname	Linux 79aa806cbc5b 5.15.0-143-generic #153-Ubuntu SMP Fri Jun 13 19:10:45 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / 1027e19
Default Java	Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7707/3/testReport/
Max. process+thread count	694 (vs. ulimit of 5500)
modules	C: hadoop-cloud-storage-project/hadoop-huaweicloud U: hadoop-cloud-storage-project/hadoop-huaweicloud
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7707/3/console
versions	git=2.25.1 maven=3.6.3
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

[hadoop-yetus]

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 57s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 1s		codespell was not available.
+0 🆗	detsecrets	0m 1s		detect-secrets was not available.
+0 🆗	xmllint	0m 1s		xmllint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 3 new or modified test files.
			_ trunk Compile Tests _
+0 🆗	mvndep	43m 7s		Maven dependency ordering for branch
+1 💚	mvninstall	32m 34s		trunk passed
+1 💚	compile	15m 50s		trunk passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	compile	14m 4s		trunk passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	checkstyle	4m 10s		trunk passed
+1 💚	mvnsite	2m 43s		trunk passed
+1 💚	javadoc	2m 38s		trunk passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	2m 24s		trunk passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	spotbugs	3m 39s		trunk passed
+1 💚	shadedclient	35m 36s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 44s		Maven dependency ordering for patch
+1 💚	mvninstall	1m 21s		the patch passed
+1 💚	compile	15m 14s		the patch passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javac	15m 14s		the patch passed
+1 💚	compile	14m 1s		the patch passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	javac	14m 1s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
-0 ⚠️	checkstyle	4m 15s	/results-checkstyle-root.txt	root: The patch generated 2 new + 1 unchanged - 0 fixed = 3 total (was 1)
+1 💚	mvnsite	2m 37s		the patch passed
+1 💚	javadoc	2m 32s		the patch passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	2m 17s		the patch passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	spotbugs	4m 14s		the patch passed
+1 💚	shadedclient	37m 35s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	3m 45s		hadoop-aws in the patch passed.
+1 💚	unit	3m 10s		hadoop-azure in the patch passed.
+1 💚	unit	0m 44s		hadoop-huaweicloud in the patch passed.
+1 💚	asflicense	1m 1s		The patch does not generate ASF License warnings.
		256m 34s

Subsystem	Report/Notes
Docker	ClientAPI=1.51 ServerAPI=1.51 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7707/4/artifact/out/Dockerfile
GITHUB PR	#7707
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint spotbugs checkstyle
uname	Linux cc83461cb629 5.15.0-143-generic #153-Ubuntu SMP Fri Jun 13 19:10:45 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / e556bde
Default Java	Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7707/4/testReport/
Max. process+thread count	554 (vs. ulimit of 5500)
modules	C: hadoop-tools/hadoop-aws hadoop-tools/hadoop-azure hadoop-cloud-storage-project/hadoop-huaweicloud U: .
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7707/4/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

[YanivKunda]

@steveloughran I've used dependencyManagement instead of exclusion -
It's cleaner and hopefully acceptable.

[steveloughran]

comments; do those and we can merge.

@YanivKunda if you can get this done ASAP we can target 3.4.2

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 19s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 1s		codespell was not available.
+0 🆗	detsecrets	0m 1s		detect-secrets was not available.
+0 🆗	xmllint	0m 1s		xmllint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s		The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
			_ trunk Compile Tests _
+0 🆗	mvndep	8m 16s		Maven dependency ordering for branch
+1 💚	mvninstall	19m 58s		trunk passed
+1 💚	compile	8m 30s		trunk passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	compile	7m 38s		trunk passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	mvnsite	0m 57s		trunk passed
+1 💚	javadoc	0m 58s		trunk passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	0m 53s		trunk passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	shadedclient	68m 44s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 28s		Maven dependency ordering for patch
+1 💚	mvninstall	0m 25s		the patch passed
+1 💚	compile	8m 9s		the patch passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javac	8m 9s		the patch passed
+1 💚	compile	7m 39s		the patch passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	javac	7m 39s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	mvnsite	0m 54s		the patch passed
+1 💚	javadoc	0m 55s		the patch passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	0m 56s		the patch passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	shadedclient	25m 31s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	0m 22s		hadoop-project in the patch passed.
+1 💚	unit	0m 29s		hadoop-huaweicloud in the patch passed.
+1 💚	asflicense	0m 42s		The patch does not generate ASF License warnings.
		114m 2s

Subsystem	Report/Notes
Docker	ClientAPI=1.51 ServerAPI=1.51 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7707/6/artifact/out/Dockerfile
GITHUB PR	#7707
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint
uname	Linux 92638f31a448 5.15.0-143-generic #153-Ubuntu SMP Fri Jun 13 19:10:45 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / 9561b9f
Default Java	Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7707/6/testReport/
Max. process+thread count	701 (vs. ulimit of 5500)
modules	C: hadoop-project hadoop-cloud-storage-project/hadoop-huaweicloud U: .
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7707/6/console
versions	git=2.25.1 maven=3.6.3
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	19m 58s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+0 🆗	xmllint	0m 0s		xmllint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s		The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
			_ trunk Compile Tests _
+0 🆗	mvndep	8m 48s		Maven dependency ordering for branch
+1 💚	mvninstall	32m 40s		trunk passed
+1 💚	compile	15m 47s		trunk passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	compile	13m 54s		trunk passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	mvnsite	1m 29s		trunk passed
+1 💚	javadoc	1m 27s		trunk passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	1m 22s		trunk passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	shadedclient	111m 7s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 39s		Maven dependency ordering for patch
+1 💚	mvninstall	0m 36s		the patch passed
+1 💚	compile	15m 15s		the patch passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javac	15m 15s		the patch passed
+1 💚	compile	13m 50s		the patch passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	javac	13m 50s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	mvnsite	1m 26s		the patch passed
+1 💚	javadoc	1m 26s		the patch passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	1m 22s		the patch passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	shadedclient	41m 53s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	0m 39s		hadoop-project in the patch passed.
+1 💚	unit	0m 44s		hadoop-huaweicloud in the patch passed.
+1 💚	asflicense	1m 7s		The patch does not generate ASF License warnings.
		207m 49s

Subsystem	Report/Notes
Docker	ClientAPI=1.51 ServerAPI=1.51 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7707/5/artifact/out/Dockerfile
GITHUB PR	#7707
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint
uname	Linux 40b646e24951 5.15.0-143-generic #153-Ubuntu SMP Fri Jun 13 19:10:45 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / 9561b9f
Default Java	Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7707/5/testReport/
Max. process+thread count	554 (vs. ulimit of 5500)
modules	C: hadoop-project hadoop-cloud-storage-project/hadoop-huaweicloud U: .
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7707/5/console
versions	git=2.25.1 maven=3.6.3
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

[steveloughran]

did a build and maven dependencies on hadoop-cloud module,
all looks good

[INFO] +- org.apache.hadoop:hadoop-huaweicloud:jar:3.5.0-SNAPSHOT:compile
[INFO] |  \- com.huaweicloud:esdk-obs-java:jar:3.25.5:compile
[INFO] |     +- com.squareup.okhttp3:okhttp:jar:4.12.0:compile
[INFO] |     |  \- org.jetbrains.kotlin:kotlin-stdlib-jdk8:jar:1.9.21:compile
[INFO] |     |     +- org.jetbrains.kotlin:kotlin-stdlib:jar:1.9.21:compile
[INFO] |     |     |  \- org.jetbrains:annotations:jar:13.0:compile
[INFO] |     |     \- org.jetbrains.kotlin:kotlin-stdlib-jdk7:jar:1.9.21:compile
[INFO] |     \- com.squareup.okio:okio:jar:3.8.0:compile
[INFO] |        \- com.squareup.okio:okio-jvm:jar:3.8.0:compile
[INFO] \- org.apache.hadoop:hadoop-tos:jar:3.5.0-SNAPSHOT:compile

now, does esdk-obs-java get bundled in our binary releases? I don't see that being the case, so there's no need to updatee LICENSE-binary.

@YanivKunda you've retested this, yes? If so check the box on the PR definition above (I restored it...), and say which service endpoint you ran the integration tests against

+1 pending this test result

[YanivKunda]

@steveloughran I verified the distribution doesn't contain this jar (interestingly, it does contain the Aliyun SDK jars).
However, I couldn't and still can't test this with an endpoint because I can't open a Huawei Cloud account or get any resources there because of geographical limits.
Do we have someone who has?

[YanivKunda]

@steveloughran I see the original code was contributed by a "zhongjun" 5 years ago,
but the dependency hasn't changed since -
I wonder if the current version of the Huawei Cloud service actually supports the old SDK...
I couldn't find the original user, but @zhongjun2 - could it be you?
Also involved in the original issue were @brahmareddybattula , @JunpingDu and another inactive account - "lixianwei".

[steveloughran]

well, we don't distribute it, but unless anybody is set up to test it, we have to choose between "used to work but has cve" and "more secure but may not work"