You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@flink.apache.org by ch...@apache.org on 2019/11/21 15:34:47 UTC
[flink] branch release-1.9 updated (1c97e1d -> 43ac587)
This is an automated email from the ASF dual-hosted git repository.
chesnay pushed a change to branch release-1.9
in repository https://gitbox.apache.org/repos/asf/flink.git.
from 1c97e1d [FLINK-14641][docs] Fix description of metric `fullRestarts` (#10128)
new 4ed1965 [FLINK-14104][build] Bump shade-plugin version to 3.1.1
new 43ac587 [FLINK-14104][build] Add opt-in jackson 2.10.1 profile
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
docs/dev/projectsetup/dependencies.md | 2 +-
docs/dev/projectsetup/dependencies.zh.md | 2 +-
docs/flinkDev/building.md | 10 +++++++
docs/flinkDev/building.zh.md | 10 +++++++
flink-metrics/flink-metrics-influxdb/pom.xml | 27 ++++++++++++++++++
.../src/main/resources/archetype-resources/pom.xml | 4 +--
.../src/main/resources/archetype-resources/pom.xml | 2 +-
flink-table/flink-table-planner-blink/pom.xml | 27 ++++++++++++++++++
flink-table/flink-table-planner/pom.xml | 27 ++++++++++++++++++
pom.xml | 32 ++++++++++++++++++----
10 files changed, 132 insertions(+), 11 deletions(-)
[flink] 01/02: [FLINK-14104][build] Bump shade-plugin version to
3.1.1
Posted by ch...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
chesnay pushed a commit to branch release-1.9
in repository https://gitbox.apache.org/repos/asf/flink.git
commit 4ed19650d933585f4e1c3f4ee220a52ec3567015
Author: Chesnay Schepler <ch...@apache.org>
AuthorDate: Thu Nov 14 12:06:39 2019 +0100
[FLINK-14104][build] Bump shade-plugin version to 3.1.1
Earlier versions fail with jackson 2.10.1, likely due to java9+ features present in the jar.
---
docs/dev/projectsetup/dependencies.md | 2 +-
docs/dev/projectsetup/dependencies.zh.md | 2 +-
.../src/main/resources/archetype-resources/pom.xml | 4 ++--
.../src/main/resources/archetype-resources/pom.xml | 2 +-
pom.xml | 7 +------
5 files changed, 6 insertions(+), 11 deletions(-)
diff --git a/docs/dev/projectsetup/dependencies.md b/docs/dev/projectsetup/dependencies.md
index 5efd78a..ce71f51 100644
--- a/docs/dev/projectsetup/dependencies.md
+++ b/docs/dev/projectsetup/dependencies.md
@@ -196,7 +196,7 @@ you can use the following shade plugin definition:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
- <version>3.0.0</version>
+ <version>3.1.1</version>
<executions>
<execution>
<phase>package</phase>
diff --git a/docs/dev/projectsetup/dependencies.zh.md b/docs/dev/projectsetup/dependencies.zh.md
index 6bf7fae..73a2e5c 100644
--- a/docs/dev/projectsetup/dependencies.zh.md
+++ b/docs/dev/projectsetup/dependencies.zh.md
@@ -159,7 +159,7 @@ Scala 版本(2.10、2.11、2.12等)互相是不兼容的。因此,依赖 Scala
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
- <version>3.0.0</version>
+ <version>3.1.1</version>
<executions>
<execution>
<phase>package</phase>
diff --git a/flink-quickstart/flink-quickstart-java/src/main/resources/archetype-resources/pom.xml b/flink-quickstart/flink-quickstart-java/src/main/resources/archetype-resources/pom.xml
index 33399f8..1b0c6fc 100644
--- a/flink-quickstart/flink-quickstart-java/src/main/resources/archetype-resources/pom.xml
+++ b/flink-quickstart/flink-quickstart-java/src/main/resources/archetype-resources/pom.xml
@@ -113,7 +113,7 @@ under the License.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
- <version>3.0.0</version>
+ <version>3.1.1</version>
<executions>
<!-- Run shade goal on package phase -->
<execution>
@@ -168,7 +168,7 @@ under the License.
<pluginExecutionFilter>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
- <versionRange>[3.0.0,)</versionRange>
+ <versionRange>[3.1.1,)</versionRange>
<goals>
<goal>shade</goal>
</goals>
diff --git a/flink-quickstart/flink-quickstart-scala/src/main/resources/archetype-resources/pom.xml b/flink-quickstart/flink-quickstart-scala/src/main/resources/archetype-resources/pom.xml
index e0f50f1..6fe41d4 100644
--- a/flink-quickstart/flink-quickstart-scala/src/main/resources/archetype-resources/pom.xml
+++ b/flink-quickstart/flink-quickstart-scala/src/main/resources/archetype-resources/pom.xml
@@ -108,7 +108,7 @@ under the License.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
- <version>3.0.0</version>
+ <version>3.1.1</version>
<executions>
<!-- Run shade goal on package phase -->
<execution>
diff --git a/pom.xml b/pom.xml
index ae9c9bc..a6acae8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -763,11 +763,6 @@ under the License.
<version>1.7</version>
</plugin>
<plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-shade-plugin</artifactId>
- <version>3.1.1</version>
- </plugin>
- <plugin>
<groupId>com.github.siom79.japicmp</groupId>
<artifactId>japicmp-maven-plugin</artifactId>
<dependencies>
@@ -1660,7 +1655,7 @@ under the License.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
- <version>3.0.0</version>
+ <version>3.1.1</version>
</plugin>
<plugin>
[flink] 02/02: [FLINK-14104][build] Add opt-in jackson 2.10.1
profile
Posted by ch...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
chesnay pushed a commit to branch release-1.9
in repository https://gitbox.apache.org/repos/asf/flink.git
commit 43ac587fe865f4709efa28fff15199496c917fd3
Author: Chesnay Schepler <ch...@apache.org>
AuthorDate: Wed Nov 13 11:40:04 2019 +0100
[FLINK-14104][build] Add opt-in jackson 2.10.1 profile
---
docs/flinkDev/building.md | 10 ++++++++++
docs/flinkDev/building.zh.md | 10 ++++++++++
flink-metrics/flink-metrics-influxdb/pom.xml | 27 +++++++++++++++++++++++++++
flink-table/flink-table-planner-blink/pom.xml | 27 +++++++++++++++++++++++++++
flink-table/flink-table-planner/pom.xml | 27 +++++++++++++++++++++++++++
pom.xml | 25 +++++++++++++++++++++++++
6 files changed, 126 insertions(+)
diff --git a/docs/flinkDev/building.md b/docs/flinkDev/building.md
index 7bdfceb..28c269d 100644
--- a/docs/flinkDev/building.md
+++ b/docs/flinkDev/building.md
@@ -170,5 +170,15 @@ The workaround is to add:
in the compiler configuration of the `pom.xml` file of the module causing the error. For example, if the error appears in the `flink-yarn` module, the above code should be added under the `<configuration>` tag of `scala-maven-plugin`. See [this issue](https://issues.apache.org/jira/browse/FLINK-2003) for more information.
+## Jackson
+
+Multiple Flink components use [Jackson](https://github.com/FasterXML/jackson). Older versions of jackson (<`2.10.1`) are subject to a variety of security vulnerabilities.
+
+Flink 1.8.3+ offers an opt-in profile (`use-jackson-2.10.1`) for building Flink against Jackson `2.10.1`; including `jackson-annotations`, `jackson-core` and `jackson-databind`.
+
+Usage: `mvn package -Puse-jackson-2.10.1`
+
+When you build a maven application against this Flink version it is recommended to bump the `maven-shade-plugin` version to at least `3.1.1` to prevent packaging errors.
+
{% top %}
diff --git a/docs/flinkDev/building.zh.md b/docs/flinkDev/building.zh.md
index c5e794a..924891f 100644
--- a/docs/flinkDev/building.zh.md
+++ b/docs/flinkDev/building.zh.md
@@ -170,5 +170,15 @@ The workaround is to add:
in the compiler configuration of the `pom.xml` file of the module causing the error. For example, if the error appears in the `flink-yarn` module, the above code should be added under the `<configuration>` tag of `scala-maven-plugin`. See [this issue](https://issues.apache.org/jira/browse/FLINK-2003) for more information.
+## Jackson
+
+Multiple Flink components use [Jackson](https://github.com/FasterXML/jackson). Older versions of jackson (<`2.10.1`) are subject to a variety of security vulnerabilities.
+
+Flink 1.9.2+ offers an opt-in profile (`use-jackson-2.10.1`) for building Flink against Jackson `2.10.1`; including `jackson-annotations`, `jackson-core` and `jackson-databind`.
+
+Usage: `mvn package -Puse-jackson-2.10.1`
+
+When you build a maven application against this Flink version it is recommended to bump the `maven-shade-plugin` version to at least `3.1.1` to prevent packaging errors.
+
{% top %}
diff --git a/flink-metrics/flink-metrics-influxdb/pom.xml b/flink-metrics/flink-metrics-influxdb/pom.xml
index 475e94b..706b0da 100644
--- a/flink-metrics/flink-metrics-influxdb/pom.xml
+++ b/flink-metrics/flink-metrics-influxdb/pom.xml
@@ -120,6 +120,33 @@ under the License.
</dependencies>
</dependencyManagement>
+ <profiles>
+ <profile>
+ <id>use-jackson-2.10.1</id>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-annotations</artifactId>
+ <version>2.10.1</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>2.10.1</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>2.10.1</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+ </profile>
+ </profiles>
+
<build>
<plugins>
<plugin>
diff --git a/flink-table/flink-table-planner-blink/pom.xml b/flink-table/flink-table-planner-blink/pom.xml
index 5325c64..dce99f0 100644
--- a/flink-table/flink-table-planner-blink/pom.xml
+++ b/flink-table/flink-table-planner-blink/pom.xml
@@ -267,6 +267,33 @@ under the License.
</dependency>
</dependencies>
+ <profiles>
+ <profile>
+ <id>use-jackson-2.10.1</id>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-annotations</artifactId>
+ <version>2.10.1</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>2.10.1</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>2.10.1</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+ </profile>
+ </profiles>
+
<build>
<plugins>
<!-- Scala Compiler -->
diff --git a/flink-table/flink-table-planner/pom.xml b/flink-table/flink-table-planner/pom.xml
index ea4e4fc..107c176 100644
--- a/flink-table/flink-table-planner/pom.xml
+++ b/flink-table/flink-table-planner/pom.xml
@@ -268,6 +268,33 @@ under the License.
</dependency>
</dependencies>
+ <profiles>
+ <profile>
+ <id>use-jackson-2.10.1</id>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-annotations</artifactId>
+ <version>2.10.1</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>2.10.1</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>2.10.1</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+ </profile>
+ </profiles>
+
<build>
<plugins>
<!-- Scala Compiler -->
diff --git a/pom.xml b/pom.xml
index a6acae8..b9d9dbf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -749,6 +749,31 @@ under the License.
</profile>
<profile>
+ <id>use-jackson-2.10.1</id>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-annotations</artifactId>
+ <version>2.10.1</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>2.10.1</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>2.10.1</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+ </profile>
+
+ <profile>
<id>java9</id>
<activation>
<jdk>9</jdk>