Posted to common-issues@hadoop.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2021/11/07 16:37:00 UTC

[jira] [Work logged] (HADOOP-16905) Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches

     [ https://issues.apache.org/jira/browse/HADOOP-16905?focusedWorklogId=678268&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-678268 ]

ASF GitHub Bot logged work on HADOOP-16905:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 07/Nov/21 16:36
            Start Date: 07/Nov/21 16:36
    Worklog Time Spent: 10m 
      Work Description: AnanyaSingh2121 commented on pull request #1973:
URL: https://github.com/apache/hadoop/pull/1973#issuecomment-962641979


   Hi, I am able to build Hadoop v3.2.2 successfully by ignoring the changes in "hadoop-client-modules/hadoop-client-runtime/pom.xml" and just changing the jackson-databind version to 2.10.3 in "hadoop-project/pom.xml"




Issue Time Tracking
-------------------

    Worklog Id:     (was: 678268)
    Time Spent: 1h 10m  (was: 1h)

> Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches
> ----------------------------------------------------------------------------
>
>                 Key: HADOOP-16905
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16905
>             Project: Hadoop Common
>          Issue Type: Sub-task
>            Reporter: Wei-Chiu Chuang
>            Assignee: Wei-Chiu Chuang
>            Priority: Major
>              Labels: pull-request-available, release-blocker
>             Fix For: 3.3.0
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Jackson-databind 2.10 should relieve us from the endless CVE patches according to https://medium.com/@cowtowncoder/jackson-2-10-features-cd880674d8a2
> Not sure if this is an easy update, but I think we should do this in the Hadoop 3.3.0 and before removing jackson-databind entirely.


