[
https://issues.apache.org/jira/browse/HADOOP-17343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17353305#comment-17353305
]
Steve Loughran commented on HADOOP-17343:
-----------------------------------------
HADOOP-17735 and PR is the latest, please checkout and verify it works.
do bear in mind
* the shaded jackson used by AWS is only used in its code, and they don't do
the arbitrary object deserialization which is an issue with jackson. It may be
showing up on your audits, but it's not an actual vulnerability
* there's a hadoop-aws/testing.md doc which provides the runbook for qualifying
an update. You are free to provide backport PRs once that one is in, but you do
get to invest an afternoon per cherrypick rerunning all the tests, including
the manual ones.
> Upgrade aws-java-sdk to 1.11.901
> --------------------------------
>
> Key: HADOOP-17343
> URL: https://issues.apache.org/jira/browse/HADOOP-17343
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: build, fs/s3
> Affects Versions: 3.3.1, 3.4.0
> Reporter: Dongjoon Hyun
> Assignee: Steve Loughran
> Priority: Minor
> Labels: pull-request-available
> Fix For: 3.3.1
>
> Time Spent: 4h
> Remaining Estimate: 0h
>
> Upgrade AWS SDK to most recent version
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
