This is an automated email from the ASF dual-hosted git repository. mblow pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/asterixdb.git
commit 5725e3df96924da13da1e27fe6e901b8e346560f Author: Michael Blow <[email protected]> AuthorDate: Mon Mar 7 16:34:08 2022 -0500 [NO ISSUE][*DB][MISC] pickup HADOOP-17225 patch to mitigate CVE-2019-10172 Change-Id: If84ef913395c75baf64e4b9c459f0d5b3303efd5 Reviewed-on: https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/15584 Integration-Tests: Jenkins <[email protected]> Reviewed-by: Michael Blow <[email protected]> Reviewed-by: Hussain Towaileb <[email protected]> Tested-by: Jenkins <[email protected]> --- asterixdb/asterix-external-data/pom.xml | 30 ++++++++++++++++++++++++++++++ asterixdb/asterix-server/pom.xml | 7 +++++++ 2 files changed, 37 insertions(+) diff --git a/asterixdb/asterix-external-data/pom.xml b/asterixdb/asterix-external-data/pom.xml index a5ce71d..c91c9e1 100644 --- a/asterixdb/asterix-external-data/pom.xml +++ b/asterixdb/asterix-external-data/pom.xml @@ -506,6 +506,29 @@ <dependency> <groupId>org.apache.hadoop</groupId> <artifactId>hadoop-azure</artifactId> + <exclusions> + <!-- apply patch for HADOOP-17225 to workaround CVE-2019-10172 --> + <exclusion> + <groupId>org.codehaus.jackson</groupId> + <artifactId>jackson-mapper-asl</artifactId> + </exclusion> + <exclusion> + <groupId>org.codehaus.jackson</groupId> + <artifactId>jackson-core-asl</artifactId> + </exclusion> + </exclusions> + </dependency> + <!-- apply patch for HADOOP-17225 to workaround CVE-2019-10172 --> + <dependency> + <groupId>org.codehaus.jackson</groupId> + <artifactId>jackson-mapper-asl</artifactId> + <version>1.9.13-atlassian-6</version> + </dependency> + <!-- apply patch for HADOOP-17225 to workaround CVE-2019-10172 --> + <dependency> + <groupId>org.codehaus.jackson</groupId> + <artifactId>jackson-core-asl</artifactId> + <version>1.9.13-atlassian-6</version> </dependency> <dependency> <groupId>io.netty</groupId> @@ -520,4 +543,11 @@ <artifactId>netty-transport-native-unix-common</artifactId> </dependency> </dependencies> + <!-- apply patch for HADOOP-17225 to workaround CVE-2019-10172 --> + <repositories> + <repository> + <id>atlassian-3rdparty</id> + <url>https://packages.atlassian.com/maven-3rdparty/</url> + </repository> + </repositories> </project> diff --git a/asterixdb/asterix-server/pom.xml b/asterixdb/asterix-server/pom.xml index d8ad238..c5ba4cc 100644 --- a/asterixdb/asterix-server/pom.xml +++ b/asterixdb/asterix-server/pom.xml @@ -1098,4 +1098,11 @@ <artifactId>hyracks-api</artifactId> </dependency> </dependencies> + <!-- apply patch for HADOOP-17225 to workaround CVE-2019-10172 --> + <repositories> + <repository> + <id>atlassian-3rdparty</id> + <url>https://packages.atlassian.com/maven-3rdparty/</url> + </repository> + </repositories> </project>
