[ 
https://issues.apache.org/jira/browse/HADOOP-18178?focusedWorklogId=789443&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-789443
 ]

ASF GitHub Bot logged work on HADOOP-18178:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 11/Jul/22 10:15
            Start Date: 11/Jul/22 10:15
    Worklog Time Spent: 10m 
      Work Description: ayushtkn commented on PR #4544:
URL: https://github.com/apache/hadoop/pull/4544#issuecomment-1180215296

   @pjfanning Yes, that CVE fixed in a released version is a problem. But 
downstream projects don't have an option, I think. There are two dependencies 
coming in and conflicting, since they have the same classes. A Jersey upgrade 
can be a solution at Hadoop, but that also leads to incompatible changes (our 
initial assumptions & past experiences).
   Bunch of details here:
   https://github.com/apache/hadoop/pull/4461
   and in the end here:
   https://issues.apache.org/jira/browse/HADOOP-18033
   
   It leads to issues with Spark, Tez, Hive & 
Kyuubi (https://github.com/apache/incubator-kyuubi/issues/2904). The Tez Jira 
and other details are also linked in HADOOP-18033.
   Do let me know your thoughts. The plan is to put it in the release notes and 
flag it, maybe in the release announcement and so on, and re-work the Jackson 
upgrade along with Jersey without blocking any release lines.




Issue Time Tracking
-------------------

    Worklog Id:     (was: 789443)
    Time Spent: 3.5h  (was: 3h 20m)

> Upgrade jackson to 2.13.2 and jackson-databind to 2.13.2.2
> ----------------------------------------------------------
>
>                 Key: HADOOP-18178
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18178
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: PJ Fanning
>            Assignee: PJ Fanning
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.4.0, 3.3.3
>
>          Time Spent: 3.5h
>  Remaining Estimate: 0h
>
> https://github.com/FasterXML/jackson-databind/issues/2816



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
