You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@skywalking.apache.org by GitBox <gi...@apache.org> on 2020/03/03 09:05:47 UTC

[GitHub] [skywalking] dshowing opened a new issue #4434: jackson-databind版本更新后服务异常

dshowing opened a new issue #4434: jackson-databind版本更新后服务异常
URL: https://github.com/apache/skywalking/issues/4434
 
 
   Please answer these questions before submitting your issue.
   
   Why do you submit this issue?
   -  Question or discussion
   
   ___
   ### Question
   - What do you want to know?
   内网安全平台检测出关于jackson-databind.jar的漏洞，需要更新版本来解决，当我更新为2.10.2新版本后，服务报错，请问我应该怎么处理？
   
   >原版本是2.9.5，需要更新到2.10.2
   
   ```
   2020-03-03 16:57:45,363 - org.apache.skywalking.oap.query.graphql.GraphQLQueryHandler - 107 [qtp345780740-54] ERROR [] - com.fasterxml.jackson.core.json.JsonWriteContext.createChildObjectContext(Ljava/lang/Object;)Lcom/fasterxml/jackson/core/json/JsonWriteContext;
   java.lang.NoSuchMethodError: com.fasterxml.jackson.core.json.JsonWriteContext.createChildObjectContext(Ljava/lang/Object;)Lcom/fasterxml/jackson/core/json/JsonWriteContext;
           at com.fasterxml.jackson.databind.util.TokenBuffer.writeStartObject(TokenBuffer.java:720) ~[jackson-databind-2.10.2.jar:2.10.2]
           at com.fasterxml.jackson.databind.ser.std.MapSerializer.serialize(MapSerializer.java:630) ~[jackson-databind-2.10.2.jar:2.10.2]
           at com.fasterxml.jackson.databind.ser.std.MapSerializer.serialize(MapSerializer.java:33) ~[jackson-databind-2.10.2.jar:2.10.2]
           at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider._serialize(DefaultSerializerProvider.java:480) ~[jackson-databind-2.10.2.jar:2.10.2]
           at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider.serializeValue(DefaultSerializerProvider.java:319) ~[jackson-databind-2.10.2.jar:2.10.2]
           at com.fasterxml.jackson.databind.ObjectMapper._convert(ObjectMapper.java:3900) ~[jackson-databind-2.10.2.jar:2.10.2]
           at com.fasterxml.jackson.databind.ObjectMapper.convertValue(ObjectMapper.java:3863) ~[jackson-databind-2.10.2.jar:2.10.2]
           at com.coxautodev.graphql.tools.MethodFieldResolver$createDataFetcher$$inlined$forEachIndexed$lambda$1.invoke(MethodFieldResolver.kt:82) ~[graphql-java-tools-5.2.3.jar:?]
           at com.coxautodev.graphql.tools.MethodFieldResolver$createDataFetcher$$inlined$forEachIndexed$lambda$1.invoke(MethodFieldResolver.kt:20) ~[graphql-java-tools-5.2.3.jar:?]
           at com.coxautodev.graphql.tools.MethodFieldResolverDataFetcher.get(MethodFieldResolver.kt:146) ~[graphql-java-tools-5.2.3.jar:?]
           at graphql.execution.ExecutionStrategy.fetchField(ExecutionStrategy.java:227) ~[graphql-java-8.0.jar:?]
           at graphql.execution.ExecutionStrategy.resolveField(ExecutionStrategy.java:170) ~[graphql-java-8.0.jar:?]
           at graphql.execution.AsyncExecutionStrategy.execute(AsyncExecutionStrategy.java:59) ~[graphql-java-8.0.jar:?]
           at graphql.execution.Execution.executeOperation(Execution.java:158) ~[graphql-java-8.0.jar:?]
           at graphql.execution.Execution.execute(Execution.java:100) ~[graphql-java-8.0.jar:?]
           at graphql.GraphQL.execute(GraphQL.java:558) ~[graphql-java-8.0.jar:?]
           at graphql.GraphQL.parseValidateAndExecute(GraphQL.java:500) ~[graphql-java-8.0.jar:?]
           at graphql.GraphQL.executeAsync(GraphQL.java:470) ~[graphql-java-8.0.jar:?]
           at graphql.GraphQL.execute(GraphQL.java:401) ~[graphql-java-8.0.jar:?]
           at org.apache.skywalking.oap.query.graphql.GraphQLQueryHandler.execute(GraphQLQueryHandler.java:87) [query-graphql-plugin-6.4.0.jar:6.4.0]
           at org.apache.skywalking.oap.query.graphql.GraphQLQueryHandler.doPost(GraphQLQueryHandler.java:81) [query-graphql-plugin-6.4.0.jar:6.4.0]
           at org.apache.skywalking.oap.server.library.server.jetty.JettyJsonHandler.doPost(JettyJsonHandler.java:54) [library-server-6.4.0.jar:6.4.0]
           at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) [javax.servlet-api-3.1.0.jar:3.1.0]
           at org.apache.skywalking.oap.server.library.server.jetty.JettyJsonHandler.service(JettyJsonHandler.java:101) [library-server-6.4.0.jar:6.4.0]
           at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0]
           at org.apache.skywalking.oap.server.library.server.jetty.JettyJsonHandler.service(JettyJsonHandler.java:105) [library-server-6.4.0.jar:6.4.0]
           at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:841) [jetty-servlet-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:543) [jetty-servlet-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) [jetty-server-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1239) [jetty-server-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) [jetty-server-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:481) [jetty-servlet-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) [jetty-server-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1141) [jetty-server-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.server.Server.handle(Server.java:564) [jetty-server-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) [jetty-server-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [jetty-server-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) [jetty-io-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) [jetty-io-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) [jetty-io-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:672) [jetty-util-9.4.2.v20170220.jar:9.4.2.v20170220]
           at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:590) [jetty-util-9.4.2.v20170220.jar:9.4.2.v20170220]
           at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201]
   ```
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [skywalking] wu-sheng closed issue #4434: jackson-databind版本更新后服务异常

Posted by GitBox <gi...@apache.org>.

wu-sheng closed issue #4434: jackson-databind版本更新后服务异常
URL: https://github.com/apache/skywalking/issues/4434
 
 
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [skywalking] dshowing commented on issue #4434: jackson-databind版本更新后服务异常

Posted by GitBox <gi...@apache.org>.

dshowing commented on issue #4434: jackson-databind版本更新后服务异常
URL: https://github.com/apache/skywalking/issues/4434#issuecomment-594273037
 
 
   > 仅限英语。Jackson的兼容性不是SkyWalking的问题。我们没有直接使用它。
   
   Sorry, the vulnerability of jackson-databind.jar was detected by our Intranet security platform, which needs to be solved by the updated version. When I updated it to the new version of 2.10.2, the service reported an error. What should I do?
   
   The original version is 2.9.5 and needs to be updated to 2.10.2
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [skywalking] dshowing removed a comment on issue #4434: jackson-databind版本更新后服务异常

Posted by GitBox <gi...@apache.org>.

dshowing removed a comment on issue #4434: jackson-databind版本更新后服务异常
URL: https://github.com/apache/skywalking/issues/4434#issuecomment-594273037
 
 
   > 仅限英语。Jackson的兼容性不是SkyWalking的问题。我们没有直接使用它。
   
   Sorry, the vulnerability of jackson-databind.jar was detected by our Intranet security platform, which needs to be solved by the updated version. When I updated it to the new version of 2.10.2, the service reported an error. What should I do?
   
   The original version is 2.9.5 and needs to be updated to 2.10.2
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [skywalking] dshowing commented on issue #4434: jackson-databind版本更新后服务异常

Posted by GitBox <gi...@apache.org>.

dshowing commented on issue #4434: jackson-databind版本更新后服务异常
URL: https://github.com/apache/skywalking/issues/4434#issuecomment-594273124
 
 
   > English only. And Jackson compatibility isn't SkyWalking's issue. We are not using it directly.
   
   Sorry, the vulnerability of jackson-databind.jar was detected by our Intranet security platform, which needs to be solved by the updated version. When I updated it to the new version of 2.10.2, the service reported an error. What should I do?
   
   The original version is 2.9.5 and needs to be updated to 2.10.2
   
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [skywalking] wu-sheng commented on issue #4434: jackson-databind版本更新后服务异常

Posted by GitBox <gi...@apache.org>.

wu-sheng commented on issue #4434: jackson-databind版本更新后服务异常
URL: https://github.com/apache/skywalking/issues/4434#issuecomment-593842672
 
 
   English only. And Jackson compatibility isn't SkyWalking's issue. We are not using it directly.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services