You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spark.apache.org by gu...@apache.org on 2019/03/05 02:47:10 UTC
[spark] branch master updated: [SPARK-27051][CORE] Bump Jackson
version to 2.9.8
This is an automated email from the ASF dual-hosted git repository.
gurwls223 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push:
new 7857c6d [SPARK-27051][CORE] Bump Jackson version to 2.9.8
7857c6d is described below
commit 7857c6d633f3df426a6ac4618316eb83b1cefe2b
Author: Yanbo Liang <yb...@gmail.com>
AuthorDate: Tue Mar 5 11:46:51 2019 +0900
[SPARK-27051][CORE] Bump Jackson version to 2.9.8
## What changes were proposed in this pull request?
Fasterxml Jackson version before 2.9.8 is affected by multiple [CVEs](https://github.com/FasterXML/jackson-databind/issues/2186), we need to fix bump the dependent Jackson to 2.9.8.
## How was this patch tested?
Existing tests and offline benchmark.
I have run ```SPARK_GENERATE_BENCHMARK_FILES=1 build/sbt "sql/test:runMain org.apache.spark.sql.execution.datasources.json.JSONBenchmark"``` to check there is no performance degradation for this upgrade.
Closes #23965 from yanboliang/SPARK-27051.
Authored-by: Yanbo Liang <yb...@gmail.com>
Signed-off-by: Hyukjin Kwon <gu...@apache.org>
---
core/pom.xml | 4 ++++
dev/deps/spark-deps-hadoop-2.7 | 16 ++++++++--------
dev/deps/spark-deps-hadoop-3.1 | 16 ++++++++--------
pom.xml | 2 +-
4 files changed, 21 insertions(+), 17 deletions(-)
diff --git a/core/pom.xml b/core/pom.xml
index c87d9d5..b9f78b2 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -225,6 +225,10 @@
<artifactId>scala-library</artifactId>
</dependency>
<dependency>
+ <groupId>org.scala-lang</groupId>
+ <artifactId>scala-reflect</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.json4s</groupId>
<artifactId>json4s-jackson_${scala.binary.version}</artifactId>
</dependency>
diff --git a/dev/deps/spark-deps-hadoop-2.7 b/dev/deps/spark-deps-hadoop-2.7
index 829aa8e..d53039f 100644
--- a/dev/deps/spark-deps-hadoop-2.7
+++ b/dev/deps/spark-deps-hadoop-2.7
@@ -88,16 +88,16 @@ httpclient-4.5.6.jar
httpcore-4.4.10.jar
istack-commons-runtime-3.0.8.jar
ivy-2.4.0.jar
-jackson-annotations-2.9.6.jar
-jackson-core-2.9.6.jar
+jackson-annotations-2.9.8.jar
+jackson-core-2.9.8.jar
jackson-core-asl-1.9.13.jar
-jackson-databind-2.9.6.jar
-jackson-dataformat-yaml-2.9.6.jar
+jackson-databind-2.9.8.jar
+jackson-dataformat-yaml-2.9.8.jar
jackson-jaxrs-1.9.13.jar
jackson-mapper-asl-1.9.13.jar
-jackson-module-jaxb-annotations-2.9.6.jar
-jackson-module-paranamer-2.9.6.jar
-jackson-module-scala_2.12-2.9.6.jar
+jackson-module-jaxb-annotations-2.9.8.jar
+jackson-module-paranamer-2.9.8.jar
+jackson-module-scala_2.12-2.9.8.jar
jackson-xc-1.9.13.jar
jakarta.activation-api-1.2.1.jar
jakarta.xml.bind-api-2.3.2.jar
@@ -183,7 +183,7 @@ scala-xml_2.12-1.0.5.jar
shapeless_2.12-2.3.2.jar
slf4j-api-1.7.16.jar
slf4j-log4j12-1.7.16.jar
-snakeyaml-1.18.jar
+snakeyaml-1.23.jar
snappy-0.2.jar
snappy-java-1.1.7.1.jar
spire-macros_2.12-0.13.0.jar
diff --git a/dev/deps/spark-deps-hadoop-3.1 b/dev/deps/spark-deps-hadoop-3.1
index 3aed5ff..d1a6b27 100644
--- a/dev/deps/spark-deps-hadoop-3.1
+++ b/dev/deps/spark-deps-hadoop-3.1
@@ -87,17 +87,17 @@ httpclient-4.5.6.jar
httpcore-4.4.10.jar
istack-commons-runtime-3.0.8.jar
ivy-2.4.0.jar
-jackson-annotations-2.9.6.jar
-jackson-core-2.9.6.jar
+jackson-annotations-2.9.8.jar
+jackson-core-2.9.8.jar
jackson-core-asl-1.9.13.jar
-jackson-databind-2.9.6.jar
-jackson-dataformat-yaml-2.9.6.jar
+jackson-databind-2.9.8.jar
+jackson-dataformat-yaml-2.9.8.jar
jackson-jaxrs-base-2.7.8.jar
jackson-jaxrs-json-provider-2.7.8.jar
jackson-mapper-asl-1.9.13.jar
-jackson-module-jaxb-annotations-2.9.6.jar
-jackson-module-paranamer-2.9.6.jar
-jackson-module-scala_2.12-2.9.6.jar
+jackson-module-jaxb-annotations-2.9.8.jar
+jackson-module-paranamer-2.9.8.jar
+jackson-module-scala_2.12-2.9.8.jar
jakarta.activation-api-1.2.1.jar
jakarta.xml.bind-api-2.3.2.jar
janino-3.0.11.jar
@@ -201,7 +201,7 @@ scala-xml_2.12-1.0.5.jar
shapeless_2.12-2.3.2.jar
slf4j-api-1.7.16.jar
slf4j-log4j12-1.7.16.jar
-snakeyaml-1.18.jar
+snakeyaml-1.23.jar
snappy-0.2.jar
snappy-java-1.1.7.1.jar
spire-macros_2.12-0.13.0.jar
diff --git a/pom.xml b/pom.xml
index 05a45bf..ec870d3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -163,7 +163,7 @@
<!-- for now, not running scalafmt as part of default verify pipeline -->
<scalafmt.skip>true</scalafmt.skip>
<codehaus.jackson.version>1.9.13</codehaus.jackson.version>
- <fasterxml.jackson.version>2.9.6</fasterxml.jackson.version>
+ <fasterxml.jackson.version>2.9.8</fasterxml.jackson.version>
<snappy.version>1.1.7.1</snappy.version>
<netlib.java.version>1.1.2</netlib.java.version>
<calcite.version>1.2.0-incubating</calcite.version>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@spark.apache.org
For additional commands, e-mail: commits-help@spark.apache.org