
<!---
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-->
# Apache Hadoop  3.4.3 Release Notes

These release notes cover new developer and user-facing incompatibilities, important issues, features, and major improvements.


---

* [HADOOP-19165](https://issues.apache.org/jira/browse/HADOOP-19165) | *Major* | **Explore dropping protobuf 2.5.0 from the distro**

protobuf-2.5.jar is no longer bundled into a distribution or exported as a transient dependency.


---

* [HADOOP-19680](https://issues.apache.org/jira/browse/HADOOP-19680) | *Critical* | **Update non-thirdparty Guava version to 32.0.1**

Previously, Hadoop has set the guava dependency version to 27.0-jre.
It is now set to 32.0.1-jre .
Note that this only applies to the un-relocated guava library, the Hadoop thirdparty guava library was already at 32.0.1-jre.


---

* [HADOOP-19719](https://issues.apache.org/jira/browse/HADOOP-19719) | *Major* | **Upgrade to wildfly version with support for openssl 3**

Wildfly SSL binding are now compatible with OpenSSL 3.0 as well as 1.1. However, as the native libraries were built with GLIBC 2.34+, these do not work on RHEL8. For deployment on those systems, stick with the JVM ssl support


---

* [HADOOP-19654](https://issues.apache.org/jira/browse/HADOOP-19654) | *Major* | **Upgrade AWS SDK to 2.35.4**

Checksum calculation in the AWS SDK has changed and may be incompatible with third party stores. Consult the third-party documentation for details on restoring compatibility with the options "fs.s3a.md5.header.enabled" and "fs.s3a.checksum.calculation.enabled"


---

* [HADOOP-19696](https://issues.apache.org/jira/browse/HADOOP-19696) | *Major* | **hadoop binary distribution to move cloud connectors to hadoop common/lib**

The hadoop-\* modules needed to communicate with cloud stores (hadoop-azure, hadoop-aws etc) are now in share/hadoop/tools/lib, and will be automatically available on the command line provided all their dependencies are in the same directory. For hadoop-aws, that means aws sdk bundle.jar 2.35.4 or later; for hadoop-azure everything should work out the box.


---

* [HADOOP-19747](https://issues.apache.org/jira/browse/HADOOP-19747) | *Major* | **switch lz4-java to at.yawk.lz4 version due to CVE**

The hadoop Lz4Compressor  instantiates a compressor via a call to  LZ4Factory.fastestInstance().safeDecompressor() and so is not directly vulnerable to CVE-2025-12183


---

* [YARN-11916](https://issues.apache.org/jira/browse/YARN-11916) | *Minor* | **FileSystemTimelineReaderImpl vulnerable to race conditions**

People testing timeline server integration through the FileSystemTimelineReaderImpl implementation of ATSv2 need to add hadoop-yarn-server-timelineservice-test.jar to their testing classpath