[ https://issues.apache.org/jira/browse/HADOOP-13332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

PJ Fanning updated HADOOP-13332:
--------------------------------
    Description:
This jackson 1.9 code line is no longer maintained and has a number of issues, including some issues related to XML Entity Expansion vulnerabilities.

http://stackoverflow.com/questions/38017676/small-fix-for-cve-2016-3720-with-older-versions-of-jackson-all-1-9-11-and-in-ja

Most changes from jackson 1.9 to 2.x just involve changing the package name.

  was:
There's no rush to do this; this is just the JIRA to track versions. However, without the upgrade, things written for Jackson 2.4.4 can break (SPARK-12807)

being Jackson, this is a potentially dangerous update.

> Remove jackson 1.9.13 and switch all jackson code to 2.x code line
> ------------------------------------------------------------------
>
>                 Key: HADOOP-13332
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13332
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: build
>    Affects Versions: 2.8.0
>            Reporter: PJ Fanning
>
> This jackson 1.9 code line is no longer maintained and has a number of
> issues, including some issues related to XML Entity Expansion
> vulnerabilities.
> http://stackoverflow.com/questions/38017676/small-fix-for-cve-2016-3720-with-older-versions-of-jackson-all-1-9-11-and-in-ja
> Most changes from jackson 1.9 to 2.x just involve changing the package name.