[
https://issues.apache.org/jira/browse/HADOOP-17225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17420529#comment-17420529
]
Akira Ajisaka commented on HADOOP-17225:
----------------------------------------
It seems that we need to add the external repository
(https://packages.atlassian.com/mvn/maven-atlassian-external/) to compile.
Given the exploits in the CVEs do not happen in Hadoop, is it worth fixing the
dependency by adding the external repository?
> Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate:
> CVE-2019-10172
> ---------------------------------------------------------------------------------
>
> Key: HADOOP-17225
> URL: https://issues.apache.org/jira/browse/HADOOP-17225
> Project: Hadoop Common
> Issue Type: Bug
> Reporter: Brahma Reddy Battula
> Assignee: Brahma Reddy Battula
> Priority: Major
> Attachments: HADOOP-17225-001.patch, HADOOP-17225-002.patch
>
>
> Currently jersey depends on the jackson, and upgradation of jersey from 1.X
> to 2.x looks complicated(see HADOOP-15984 and HADOOP-16485).
> Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate:
> CVE-2019-10172.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
