This is an automated email from the ASF dual-hosted git repository.
nihaljain pushed a commit to branch branch-2
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2 by this push:
new 41621f02759 HBASE-28943 Remove all jackson 1.x dependencies for
hadoop-3 profile, since all jackson 1.x versions have vulnerabilities (#6405)
41621f02759 is described below
commit 41621f02759412ec47cff800c54a2452257248c3
Author: Nihal Jain <[email protected]>
AuthorDate: Wed Oct 30 12:25:26 2024 +0530
HBASE-28943 Remove all jackson 1.x dependencies for hadoop-3 profile, since
all jackson 1.x versions have vulnerabilities (#6405)
- Building hbase with hadoop-3 profile on branch-2, still requires jackson
1.x jars, which has vulnerabilities. Ideally these should not be needed as with
HADOOP-13332 hadoop has already "Remove jackson 1.9.13 and switch all jackson
code to 2.x code line" for branch-3.
- Also in HBASE-27148, where we worked on "Move minimum hadoop 3 support
version to 3.2.3", where we had done a similar cleanup for branch-3; but
somehow we missed to port the relevant changes to the branch-2 backport of same
jira. This task is to take care of this so that we do not need jackson 1.x to
build/run hbase with hadoop-3 profile on branch-2.x.
Signed-off-by: Duo Zhang <[email protected]>
Signed-off-by: Nick Dimiduk <[email protected]>
---
.../hbase-shaded-client-byo-hadoop/pom.xml | 32 ----------------------
hbase-shaded/hbase-shaded-mapreduce/pom.xml | 32 ----------------------
.../hbase-shaded-testing-util-tester/pom.xml | 26 ++++++++++++++----
hbase-shaded/hbase-shaded-testing-util/pom.xml | 12 ++++----
4 files changed, 26 insertions(+), 76 deletions(-)
diff --git a/hbase-shaded/hbase-shaded-client-byo-hadoop/pom.xml
b/hbase-shaded/hbase-shaded-client-byo-hadoop/pom.xml
index f636485d25d..1e6a3eb4e64 100644
--- a/hbase-shaded/hbase-shaded-client-byo-hadoop/pom.xml
+++ b/hbase-shaded/hbase-shaded-client-byo-hadoop/pom.xml
@@ -140,38 +140,6 @@
<artifactId>hadoop-common</artifactId>
<scope>provided</scope>
</dependency>
- <dependency>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>jackson-jaxrs</artifactId>
- <version>1.9.13</version>
- <scope>provided</scope>
- <exclusions>
- <exclusion>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>jackson-mapper-asl</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>jackson-core-asl</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>jackson-xc</artifactId>
- <version>1.9.13</version>
- <scope>provided</scope>
- <exclusions>
- <exclusion>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>jackson-mapper-asl</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>jackson-core-asl</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
</dependencies>
</profile>
</profiles>
diff --git a/hbase-shaded/hbase-shaded-mapreduce/pom.xml
b/hbase-shaded/hbase-shaded-mapreduce/pom.xml
index a5dd3c75540..b81d31f171a 100644
--- a/hbase-shaded/hbase-shaded-mapreduce/pom.xml
+++ b/hbase-shaded/hbase-shaded-mapreduce/pom.xml
@@ -359,38 +359,6 @@
</exclusion>
</exclusions>
</dependency>
- <dependency>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>jackson-jaxrs</artifactId>
- <version>1.9.13</version>
- <scope>provided</scope>
- <exclusions>
- <exclusion>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>jackson-mapper-asl</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>jackson-core-asl</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>jackson-xc</artifactId>
- <version>1.9.13</version>
- <scope>provided</scope>
- <exclusions>
- <exclusion>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>jackson-mapper-asl</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>jackson-core-asl</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
</dependencies>
</profile>
</profiles>
diff --git a/hbase-shaded/hbase-shaded-testing-util-tester/pom.xml
b/hbase-shaded/hbase-shaded-testing-util-tester/pom.xml
index 3ca535f5942..9c870afde1f 100644
--- a/hbase-shaded/hbase-shaded-testing-util-tester/pom.xml
+++ b/hbase-shaded/hbase-shaded-testing-util-tester/pom.xml
@@ -83,12 +83,26 @@
<artifactId>hbase-shaded-testing-util</artifactId>
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>jackson-mapper-asl</artifactId>
- <version>1.9.13</version>
- <scope>test</scope>
- </dependency>
</dependencies>
+ <profiles>
+ <profile>
+ <id>hadoop-2.0</id>
+ <activation>
+ <property>
+ <!--Below formatting for dev-support/generate-hadoopX-poms.sh-->
+ <!--h2-->
+ <name>!hadoop.profile</name>
+ </property>
+ </activation>
+ <dependencies>
+ <dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-mapper-asl</artifactId>
+ <version>1.9.13</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ </profile>
+ </profiles>
</project>
diff --git a/hbase-shaded/hbase-shaded-testing-util/pom.xml
b/hbase-shaded/hbase-shaded-testing-util/pom.xml
index 3a42981c369..b3181e6f520 100644
--- a/hbase-shaded/hbase-shaded-testing-util/pom.xml
+++ b/hbase-shaded/hbase-shaded-testing-util/pom.xml
@@ -74,12 +74,6 @@
<type>test-jar</type>
<scope>compile</scope>
</dependency>
- <dependency>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>jackson-jaxrs</artifactId>
- <version>1.9.13</version>
- <scope>compile</scope>
- </dependency>
<dependency>
<groupId>org.apache.hbase</groupId>
<artifactId>hbase-testing-util</artifactId>
@@ -186,6 +180,12 @@
<type>test-jar</type>
<scope>compile</scope>
</dependency>
+ <dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-jaxrs</artifactId>
+ <version>1.9.13</version>
+ <scope>compile</scope>
+ </dependency>
</dependencies>
</profile>
<!--
