You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by GitBox <gi...@apache.org> on 2020/03/05 00:10:04 UTC
[GitHub] [hadoop] jojochuang opened a new pull request #1876: HADOOP-16905.
Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
jojochuang opened a new pull request #1876: HADOOP-16905. Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
URL: https://github.com/apache/hadoop/pull/1876
## NOTICE
Please create an issue in ASF JIRA before opening a pull request,
and you need to set the title of the pull request which starts with
the corresponding JIRA issue number. (e.g. HADOOP-XXXXX. Fix a typo in YYY.)
For more details, please see https://cwiki.apache.org/confluence/display/HADOOP/How+To+Contribute
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] jojochuang commented on issue #1876: HADOOP-16905. Update
jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
Posted by GitBox <gi...@apache.org>.
jojochuang commented on issue #1876: HADOOP-16905. Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
URL: https://github.com/apache/hadoop/pull/1876#issuecomment-595568454
I'm extremely sorry for that. Updated PR. The code compiles locally.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] aajisaka commented on issue #1876: HADOOP-16905. Update
jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
Posted by GitBox <gi...@apache.org>.
aajisaka commented on issue #1876: HADOOP-16905. Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
URL: https://github.com/apache/hadoop/pull/1876#issuecomment-595596332
LGTM, +1. Thanks @jojochuang and @iwasakims
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] iwasakims commented on issue #1876: HADOOP-16905. Update
jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
Posted by GitBox <gi...@apache.org>.
iwasakims commented on issue #1876: HADOOP-16905. Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
URL: https://github.com/apache/hadoop/pull/1876#issuecomment-595553751
@jojochuang Thanks for the update. Is reverting the change of hadoop-project/pom.xml in the second commit intentional?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] hadoop-yetus commented on issue #1876: HADOOP-16905.
Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
Posted by GitBox <gi...@apache.org>.
hadoop-yetus commented on issue #1876: HADOOP-16905. Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
URL: https://github.com/apache/hadoop/pull/1876#issuecomment-595593087
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 1m 33s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 :x: | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
||| _ trunk Compile Tests _ |
| +0 :ok: | mvndep | 1m 12s | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 22m 14s | trunk passed |
| +1 :green_heart: | compile | 18m 12s | trunk passed |
| +1 :green_heart: | mvnsite | 0m 56s | trunk passed |
| +1 :green_heart: | shadedclient | 58m 41s | branch has no errors when building and testing our client artifacts. |
| +1 :green_heart: | javadoc | 0m 54s | trunk passed |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 27s | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 2m 53s | the patch passed |
| +1 :green_heart: | compile | 17m 23s | the patch passed |
| +1 :green_heart: | javac | 17m 23s | the patch passed |
| +1 :green_heart: | mvnsite | 0m 54s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 2s | The patch has no ill-formed XML file. |
| +1 :green_heart: | shadedclient | 15m 35s | patch has no errors when building and testing our client artifacts. |
| +1 :green_heart: | javadoc | 0m 53s | the patch passed |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 0m 24s | hadoop-project in the patch passed. |
| +1 :green_heart: | unit | 0m 25s | hadoop-client-runtime in the patch passed. |
| +1 :green_heart: | asflicense | 0m 45s | The patch does not generate ASF License warnings. |
| | | 103m 45s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | Client=19.03.7 Server=19.03.7 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-1876/3/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/hadoop/pull/1876 |
| Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml |
| uname | Linux 833bbae1c1fa 4.15.0-74-generic #84-Ubuntu SMP Thu Dec 19 08:06:28 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/hadoop.sh |
| git revision | trunk / 004e955 |
| Default Java | 1.8.0_242 |
| Test Results | https://builds.apache.org/job/hadoop-multibranch/job/PR-1876/3/testReport/ |
| Max. process+thread count | 310 (vs. ulimit of 5500) |
| modules | C: hadoop-project hadoop-client-modules/hadoop-client-runtime U: . |
| Console output | https://builds.apache.org/job/hadoop-multibranch/job/PR-1876/3/console |
| versions | git=2.7.4 maven=3.3.9 |
| Powered by | Apache Yetus 0.11.1 https://yetus.apache.org |
This message was automatically generated.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] hadoop-yetus commented on issue #1876: HADOOP-16905.
Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
Posted by GitBox <gi...@apache.org>.
hadoop-yetus commented on issue #1876: HADOOP-16905. Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
URL: https://github.com/apache/hadoop/pull/1876#issuecomment-594987740
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 45m 44s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 :x: | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
||| _ trunk Compile Tests _ |
| +1 :green_heart: | mvninstall | 24m 39s | trunk passed |
| +1 :green_heart: | compile | 0m 15s | trunk passed |
| +1 :green_heart: | mvnsite | 0m 22s | trunk passed |
| +1 :green_heart: | shadedclient | 42m 20s | branch has no errors when building and testing our client artifacts. |
| +1 :green_heart: | javadoc | 0m 17s | trunk passed |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 0m 12s | the patch passed |
| +1 :green_heart: | compile | 0m 10s | the patch passed |
| +1 :green_heart: | javac | 0m 10s | the patch passed |
| +1 :green_heart: | mvnsite | 0m 12s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 2s | The patch has no ill-formed XML file. |
| -1 :x: | shadedclient | 17m 34s | patch has errors when building and testing our client artifacts. |
| +1 :green_heart: | javadoc | 0m 13s | the patch passed |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 0m 13s | hadoop-project in the patch passed. |
| +1 :green_heart: | asflicense | 0m 28s | The patch does not generate ASF License warnings. |
| | | 109m 40s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | Client=19.03.7 Server=19.03.7 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-1876/1/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/hadoop/pull/1876 |
| Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml |
| uname | Linux 35f475a87775 4.15.0-74-generic #84-Ubuntu SMP Thu Dec 19 08:06:28 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/hadoop.sh |
| git revision | trunk / 2649f8b |
| Default Java | 1.8.0_242 |
| Test Results | https://builds.apache.org/job/hadoop-multibranch/job/PR-1876/1/testReport/ |
| Max. process+thread count | 330 (vs. ulimit of 5500) |
| modules | C: hadoop-project U: hadoop-project |
| Console output | https://builds.apache.org/job/hadoop-multibranch/job/PR-1876/1/console |
| versions | git=2.7.4 maven=3.3.9 |
| Powered by | Apache Yetus 0.11.1 https://yetus.apache.org |
This message was automatically generated.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] hadoop-yetus commented on issue #1876: HADOOP-16905.
Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
Posted by GitBox <gi...@apache.org>.
hadoop-yetus commented on issue #1876: HADOOP-16905. Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
URL: https://github.com/apache/hadoop/pull/1876#issuecomment-595297999
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 1m 21s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 :x: | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
||| _ trunk Compile Tests _ |
| +0 :ok: | mvndep | 0m 21s | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 21m 33s | trunk passed |
| +1 :green_heart: | compile | 17m 50s | trunk passed |
| +1 :green_heart: | mvnsite | 0m 51s | trunk passed |
| +1 :green_heart: | shadedclient | 56m 26s | branch has no errors when building and testing our client artifacts. |
| +1 :green_heart: | javadoc | 0m 49s | trunk passed |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 20s | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 2m 49s | the patch passed |
| +1 :green_heart: | compile | 17m 13s | the patch passed |
| +1 :green_heart: | javac | 17m 13s | the patch passed |
| +1 :green_heart: | mvnsite | 0m 52s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 3s | The patch has no ill-formed XML file. |
| +1 :green_heart: | shadedclient | 15m 30s | patch has no errors when building and testing our client artifacts. |
| +1 :green_heart: | javadoc | 0m 48s | the patch passed |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 0m 23s | hadoop-project in the patch passed. |
| +1 :green_heart: | unit | 0m 24s | hadoop-client-runtime in the patch passed. |
| +1 :green_heart: | asflicense | 0m 45s | The patch does not generate ASF License warnings. |
| | | 100m 33s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | Client=19.03.7 Server=19.03.7 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-1876/2/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/hadoop/pull/1876 |
| Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml |
| uname | Linux 00d13599f21d 4.15.0-74-generic #84-Ubuntu SMP Thu Dec 19 08:06:28 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/hadoop.sh |
| git revision | trunk / 004e955 |
| Default Java | 1.8.0_242 |
| Test Results | https://builds.apache.org/job/hadoop-multibranch/job/PR-1876/2/testReport/ |
| Max. process+thread count | 308 (vs. ulimit of 5500) |
| modules | C: hadoop-project hadoop-client-modules/hadoop-client-runtime U: . |
| Console output | https://builds.apache.org/job/hadoop-multibranch/job/PR-1876/2/console |
| versions | git=2.7.4 maven=3.3.9 |
| Powered by | Apache Yetus 0.11.1 https://yetus.apache.org |
This message was automatically generated.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] iwasakims commented on issue #1876: HADOOP-16905. Update
jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
Posted by GitBox <gi...@apache.org>.
iwasakims commented on issue #1876: HADOOP-16905. Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
URL: https://github.com/apache/hadoop/pull/1876#issuecomment-595004260
looks like `jackson2.version` should be updated too.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] jojochuang commented on issue #1876: HADOOP-16905. Update
jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
Posted by GitBox <gi...@apache.org>.
jojochuang commented on issue #1876: HADOOP-16905. Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
URL: https://github.com/apache/hadoop/pull/1876#issuecomment-595014877
Thanks. In that case it's much more complex. jackson 2.10.3 has extra dependency and it breaks Hadoop shading. I'll take a further look later.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] iwasakims commented on issue #1876: HADOOP-16905. Update
jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
Posted by GitBox <gi...@apache.org>.
iwasakims commented on issue #1876: HADOOP-16905. Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
URL: https://github.com/apache/hadoop/pull/1876#issuecomment-594997552
`mvn test -Dtest=TestDelegationTokenAuthenticationHandlerWithMocks,TestWebDelegationToken` reproducibly fails with the error like "java.lang.NoClassDefFoundError: com/fasterxml/jackson/core/exc/InputCoercionException" on my local. I'm looking into the cause.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] iwasakims merged pull request #1876: HADOOP-16905. Update
jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
Posted by GitBox <gi...@apache.org>.
iwasakims merged pull request #1876: HADOOP-16905. Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches.
URL: https://github.com/apache/hadoop/pull/1876
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org