You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues-all@impala.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/02/20 03:04:00 UTC

[jira] [Commented] (IMPALA-10516) Upgrade jackson databind to 2.10.5.1 and slf4j to 1.7.30

    [ https://issues.apache.org/jira/browse/IMPALA-10516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17287466#comment-17287466 ] 

ASF subversion and git services commented on IMPALA-10516:
----------------------------------------------------------

Commit 4a65fcfbe55f9a9132402459480ddb16b4a85d2b in impala's branch refs/heads/master from wzhou-code
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=4a65fcf ]

IMPALA-10516: Bump up the versions of jackson databind and slf4j

A flaw was found in FasterXML Jackson Databind, where it did not have
entity expansion secured properly.

This patch bumps up jackson databind to 2.10.5.1. It also changes slf4j
to 1.7.30.

Testing:
 - Built Impala on local machine as clean build. Verified that new
   versions of jar files jackson-databind-2.10.5.1.jar,
   slf4j-api-1.7.30.jar, and slf4j-log4j12-1.7.30.jar were built in
   fe/target/build-classpath.txt.

Change-Id: Ie7b84a90fec955dbaebd36b63294229b05eb00d8
Reviewed-on: http://gerrit.cloudera.org:8080/17085
Reviewed-by: Joe McDonnell <jo...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>


> Upgrade jackson databind to 2.10.5.1 and slf4j to 1.7.30
> --------------------------------------------------------
>
>                 Key: IMPALA-10516
>                 URL: https://issues.apache.org/jira/browse/IMPALA-10516
>             Project: IMPALA
>          Issue Type: Improvement
>            Reporter: Wenzhe Zhou
>            Assignee: Wenzhe Zhou
>            Priority: Major
>             Fix For: Impala 4.0
>
>
> A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. We need to upgradeĀ jackson databind to 2.10.5.1. We also upgradeĀ slf4j to 1.7.30.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org