[jira] [Commented] (HADOOP-18468) upgrade jettison json jar due to security issue

[ASF GitHub Bot (Jira)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-18468?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17609516#comment-17609516
 ] 

ASF GitHub Bot commented on HADOOP-18468:
-----------------------------------------

steveloughran commented on PR #4937:
URL: https://github.com/apache/hadoop/pull/4937#issuecomment-1258100679

   container launch problems?
   ```
   
   [2022-09-25T18:38:50.037Z] 
============================================================================
   
   [2022-09-25T18:38:50.037Z] 
============================================================================
   
   [2022-09-25T18:38:50.037Z]           Checking client artifacts on branch 
with shaded clients
   
   [2022-09-25T18:38:50.037Z] 
============================================================================
   
   [2022-09-25T18:38:50.037Z] 
============================================================================
   
   [2022-09-25T18:38:50.037Z] 
   
   [2022-09-25T18:38:50.037Z] 
   
   [2022-09-25T18:38:56.988Z] cd 
/home/jenkins/jenkins-agent/workspace/hadoop-multibranch_PR-4937/ubuntu-focal/src
   
   [2022-09-25T18:38:56.988Z] /usr/bin/mvn --batch-mode 
-Dmaven.repo.local=/home/jenkins/jenkins-agent/workspace/hadoop-multibranch_PR-4937/yetus-m2/hadoop-trunk-patch-0
 verify -fae --batch-mode -am -pl 
hadoop-client-modules/hadoop-client-check-invariants -pl 
hadoop-client-modules/hadoop-client-check-test-invariants -pl 
hadoop-client-modules/hadoop-client-integration-tests -Dtest=NoUnitTests 
-Dmaven.javadoc.skip=true -Dcheckstyle.skip=true -Dspotbugs.skip=true > 
/home/jenkins/jenkins-agent/workspace/hadoop-multibranch_PR-4937/ubuntu-focal/out/branch-shadedclient.txt
 2>&1
   
   [2022-09-25T18:39:39.312Z] ERROR: Caught signal TERM.
   
   [2022-09-25T18:39:41.470Z] time="2022-09-25T18:39:41Z" level=error 
msg="error waiting for container: unexpected EOF"
   ```
   




> upgrade jettison json jar due to security issue
> -----------------------------------------------
>
>                 Key: HADOOP-18468
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18468
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: PJ Fanning
>            Priority: Major
>              Labels: pull-request-available
>
> A fix for [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149]
>  
> [https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1]
> [https://github.com/advisories/GHSA-56h3-78gp-v83r]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org