Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2022/04/07 18:31:44 UTC

[GitHub] [druid] jihoonson opened a new pull request, #12411: Bump Jackson to 2.13.2 (CVE-2020-36518)

jihoonson opened a new pull request, #12411:
URL: https://github.com/apache/druid/pull/12411

   ### Description
   
   Another attempt to bump Jackson for https://nvd.nist.gov/vuln/detail/CVE-2020-36518.
   
   <hr>
   
   This PR has:
   - [x] been self-reviewed.
   - [x] added or updated version, license, or notice information in [licenses.yaml](https://github.com/apache/druid/blob/master/dev/license.md)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org


[GitHub] [druid] FrankChen021 commented on a diff in pull request #12411: Bump Jackson to 2.12.6.20220326 (CVE-2020-36518)

Posted by GitBox <gi...@apache.org>.
FrankChen021 commented on code in PR #12411:
URL: https://github.com/apache/druid/pull/12411#discussion_r847973230


##########
core/src/main/java/org/apache/druid/guice/GuiceAnnotationIntrospector.java:
##########
@@ -58,9 +58,9 @@ public Object findInjectableValueId(AnnotatedMember m)
       if (m instanceof AnnotatedMethod) {
         throw new IAE("Annotated methods don't work very well yet...");
       }
-      return Key.get(m.getGenericType());
+      return Key.get(m.getRawType());
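
Review bot: The new `return Key.get(m.getRawType());` builds the Guice key from the erased class, so any type parameters that `m.getGenericType()` carried into the key are dropped; an injected member declared with a parameterized type would now look up the raw-class key rather than the parameterized one. If every member this method handles is non-generic that is harmless, but the line should carry a comment saying so, or a test with a parameterized injectable member should pin the behaviour, so that a type-resolution change does not ride in unnoticed with a dependency bump made for a CVE.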

Review Comment:
   This change confuses me. The javadoc of `getGenericType` says that `getType` should be used to replace it. But according to the CI test result of #12373, using `getType` here does not seem to work correctly.





Re: [PR] Bump Jackson to 2.12.6.20220326 (CVE-2020-36518) (druid)

Posted by "xvrl (via GitHub)" <gi...@apache.org>.
xvrl commented on PR #12411:
URL: https://github.com/apache/druid/pull/12411#issuecomment-1858096530

   closing since this was addressed as part of #14770




[GitHub] [druid] xvrl commented on pull request #12411: Bump Jackson to 2.12.6.20220326 (CVE-2020-36518)

Posted by GitBox <gi...@apache.org>.
xvrl commented on PR #12411:
URL: https://github.com/apache/druid/pull/12411#issuecomment-1095863716

   @jihoonson it looks like the changes you made to tests are due to https://github.com/FasterXML/jackson-databind/issues/1852. Are there any other 2.11 or 2.12 behavior changes we might have to worry about?




[GitHub] [druid] xvrl commented on a diff in pull request #12411: Bump Jackson to 2.12.6.20220326 (CVE-2020-36518)

Posted by GitBox <gi...@apache.org>.
xvrl commented on code in PR #12411:
URL: https://github.com/apache/druid/pull/12411#discussion_r847887524


##########
extensions-contrib/kafka-emitter/src/test/java/org/apache/druid/emitter/kafka/KafkaEmitterTest.java:
##########
@@ -85,7 +85,7 @@ public void testKafkaEmitter() throws InterruptedException
     final KafkaProducer<String, String> producer = mock(KafkaProducer.class);
     final KafkaEmitter kafkaEmitter = new KafkaEmitter(
         new KafkaEmitterConfig("", "metrics", "alerts", requestTopic, "test-cluster", null),
-        new ObjectMapper()
+        new DefaultObjectMapper()
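
Review bot: In `testKafkaEmitter`, the swap from `new ObjectMapper()` to `new DefaultObjectMapper()` changes which mapper configuration the test serializes with, and nothing at the constructor call says why the plain mapper stopped being sufficient after the Jackson bump. Add a short comment there naming the failure the plain `ObjectMapper` produces, and confirm that the mapper handed to `KafkaEmitter` outside the test is configured the same way, otherwise the test no longer reflects the emitter's real serialization path.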

Review Comment:
   any particular reason this change is required?





Re: [PR] Bump Jackson to 2.12.6.20220326 (CVE-2020-36518) (druid)

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #12411:
URL: https://github.com/apache/druid/pull/12411#issuecomment-1853065774

   This pull request has been marked as stale due to 60 days of inactivity.
   It will be closed in 4 weeks if no further activity occurs. If you think
   that's incorrect or this pull request should instead be reviewed, please simply
   write any comment. Even if closed, you can still revive the PR at any time or
   discuss it on the dev@druid.apache.org list.
   Thank you for your contributions.




Re: [PR] Bump Jackson to 2.12.6.20220326 (CVE-2020-36518) (druid)

Posted by "xvrl (via GitHub)" <gi...@apache.org>.
xvrl closed pull request #12411: Bump Jackson to 2.12.6.20220326 (CVE-2020-36518)
URL: https://github.com/apache/druid/pull/12411

