Adam Roberts created HADOOP-17534:
-------------------------------------
Summary: Upgrade Jackson databind to 2.10.5.1
Key: HADOOP-17534
URL: https://issues.apache.org/jira/browse/HADOOP-17534
Project: Hadoop Common
Issue Type: Bug
Reporter: Adam Roberts
Hey everyone, we've done a container scan of Hadoop 3.2.2 we are using to build
a shaded version of a Flink uber jar with, and noticed several apparent
problems that are primarily related to
com.faster.xml.jackson.core_jackson-databind.
Specifically the report claims version 2.4.0 of the library is used (am not
sure about this part personally so I may be mistaken) and the fix suggestion I
see is to move up to either 2.10.5.1, 2.9.10.8, 2.6.7.4 as appropriate.
I believe 2.10.3 is actually what's currently in use based on
[https://github.com/apache/hadoop/blob/4cf35315838a6e65f87ed64aaa8f1d31594c7fcd/hadoop-project/pom.xml#L75|https://github.com/apache/hadoop/blob/4cf35315838a6e65f87ed64aaa8f1d31594c7fcd/hadoop-project/pom.xml#L75.]
Hopefully not a far-reaching change as I know changing dependencies can
sometimes have a big knock-on effect, anyway - figured I'd report it incase
someone plans to work on it.
Again do note that this is using a scan of an image built for Flink 1.11.3, but
using Hadoop so it has a bunch of the same classes in, and I do believe that in
Flink itself, the version of Jackson pulled in does not have the same problems,
thus my thinking it is related to the Hadoop dependencies.
Thanks!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org
