[
https://issues.apache.org/jira/browse/CASSANDRA-15867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17140462#comment-17140462
]
Stefan Miklosovic edited comment on CASSANDRA-15867 at 6/19/20, 11:38 AM:
--------------------------------------------------------------------------
Hi [~tomasz.lasica] and [~brandon.williams]
These classes are in the package jar jackson-core-asl (old imports, from
"codehaus", not fasterxml jackson), but interestingly enough, that jar is in
"build/lib/jars" but it is not in "lib". If I start with completely clean build
dir, and I do "ant artifacts", it all builds but in the resulting tarball there
are not these jars (which is right), but they are part of "build/lib/jars" and
I do not have a slightest clue why they are there because they are not
referenced in whole build.xml, who is adding them there?
build/lib/jars/jackson-core-asl-1.0.1.jar
build/lib/jackson-mapper-asl-1.0.1.jar
This should fix it [https://github.com/apache/cassandra/pull/645]
was (Author: stefan.miklosovic):
Hi [~tomasz.lasica] and [~brandon.williams]
These classes are in the package jar jackson-core-asl, but interestingly
enough, that jar is in "build/lib/jars" but it is not in "lib". If I start with
completely clean build dir, and I do "ant artifacts", it all builds but in the
resulting tarball there are not these jars (which is right), but they are part
of "build/lib/jars" and I do not have a slightest clue why they are there
because they are not referenced in whole build.xml, who is adding them there?
build/lib/jars/jackson-core-asl-1.0.1.jar
build/lib/jackson-mapper-asl-1.0.1.jar
This should fix it [https://github.com/apache/cassandra/pull/645]
> Update Jackson version to 2.9.10.1 because there are security issues in 2.9.5
> -----------------------------------------------------------------------------
>
> Key: CASSANDRA-15867
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15867
> Project: Cassandra
> Issue Type: Task
> Components: Dependencies
> Reporter: Stefan Miklosovic
> Assignee: Stefan Miklosovic
> Priority: Normal
> Fix For: 3.11.7, 4.0-alpha5
>
> Attachments: dependency-check-report.html
>
>
> Please see attached HTML report from OWASP dependency check for current
> 4.0-alpha5 trunk branch.
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
