You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Steve Loughran (Jira)" <ji...@apache.org> on 2021/02/18 11:47:00 UTC

[jira] [Updated] (HADOOP-17534) Upgrade Jackson databind to 2.10.5.1

     [ https://issues.apache.org/jira/browse/HADOOP-17534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-17534:
------------------------------------
    Affects Version/s: 3.2.2

> Upgrade Jackson databind to 2.10.5.1
> ------------------------------------
>
>                 Key: HADOOP-17534
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17534
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 3.2.2
>            Reporter: Adam Roberts
>            Priority: Major
>
> Hey everyone, we've done a container scan of Hadoop 3.2.2 we are using to build a shaded version of a Flink uber jar with, and noticed several apparent problems that are primarily related to com.faster.xml.jackson.core_jackson-databind.
>  
> Specifically the report claims version 2.4.0 of the library is used (am not sure about this part personally so I may be mistaken) and the fix suggestion I see is to move up to either 2.10.5.1, 2.9.10.8, 2.6.7.4 as appropriate.
>  
> I believe 2.10.3 is actually what's currently in use based on [https://github.com/apache/hadoop/blob/4cf35315838a6e65f87ed64aaa8f1d31594c7fcd/hadoop-project/pom.xml#L75|https://github.com/apache/hadoop/blob/4cf35315838a6e65f87ed64aaa8f1d31594c7fcd/hadoop-project/pom.xml#L75.]
>  
> Hopefully not a far-reaching change as I know changing dependencies can sometimes have a big knock-on effect, anyway - figured I'd report it incase someone plans to work on it.
>  
> Again do note that this is using a scan of an image built for Flink 1.11.3, but using Hadoop so it has a bunch of the same classes in, and I do believe that in Flink itself, the version of Jackson pulled in does not have the same problems, thus my thinking it is related to the Hadoop dependencies.
> Thanks!



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org