[ 
https://issues.apache.org/jira/browse/BEAM-9162?focusedWorklogId=390797&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-390797
 ]

ASF GitHub Bot logged work on BEAM-9162:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 21/Feb/20 17:31
            Start Date: 21/Feb/20 17:31
    Worklog Time Spent: 10m 
      Work Description: lukecwik commented on issue #10643: [BEAM-9162] Upgrade 
Jackson to version 2.10.2
URL: https://github.com/apache/beam/pull/10643#issuecomment-589754377
 
 
   We use a mix of jackson-dataformat-csv / jackson-dataformat-xml since it is 
brought in transitively through our dependencies such as 
`org.apache.beam:beam-sdks-java-io-rabbitmq:2.20.0-SNAPSHOT (compile) / 
com.rabbitmq:amqp-client:5.7.3 (compile) / io.micrometer:micrometer-core:1.2.0 
(compile, optional) / org.apache.logging.log4j:log4j-core:2.12.0`
   
   To improve our current usage we need to ensure that we declare 2.10.2 
versions of jackson libraries in
   ```
   > jackson-dataformat-xml-2.8.7.jar is at:
   >   org.apache.beam:beam-sdks-java-extensions-sql:2.20.0-SNAPSHOT (compile) / com.alibaba:fastjson:1.2.49 (compile) / org.springframework:spring-webmvc:4.3.7.RELEASE (provided, optional) / com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.8.7 (compile, optional)
   
   > jackson-dataformat-xml-2.9.9.jar is at:
   >   org.apache.beam:beam-sdks-java-io-rabbitmq:2.20.0-SNAPSHOT (compile) / com.rabbitmq:amqp-client:5.7.3 (compile) / io.micrometer:micrometer-core:1.2.0 (compile, optional) / org.apache.logging.log4j:log4j-core:2.12.0 (compile, optional) / com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.9.9 (compile, optional)
   
   < jackson-dataformat-csv-2.10.0.jar is at:
   org.apache.beam:beam-sdks-java-io-kafka:2.20.0-SNAPSHOT (compile) / io.confluent:kafka-avro-serializer:5.3.2 (compile) / org.apache.kafka:kafka_2.12:5.3.2-ccs (provided) / com.fasterxml.jackson.dataformat:jackson-dataformat-csv:2.10.0 (provided)
   ```
   
   I would say that this PR is a net positive since the prior version of 
Jackson didn't match the dataformat versions anyway but your analysis points to 
some simple additional changes we could do to improve consistency because of 
what a downstream dependency is bringing in.
   
   Filed https://issues.apache.org/jira/browse/BEAM-9352 for further 
improvements.
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 390797)
    Time Spent: 4h 10m  (was: 4h)

> Upgrade Jackson to version 2.10.2
> ---------------------------------
>
>                 Key: BEAM-9162
>                 URL: https://issues.apache.org/jira/browse/BEAM-9162
>             Project: Beam
>          Issue Type: Improvement
>          Components: build-system, sdk-java-core
>            Reporter: Ismaël Mejía
>            Assignee: Ismaël Mejía
>            Priority: Minor
>             Fix For: 2.20.0
>
>          Time Spent: 4h 10m
>  Remaining Estimate: 0h
>
> Jackson has a new way to deal with [deserialization security 
> issues|https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.10] in 
> 2.10.x so worth the upgrade.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
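
An added example, not part of the original comment or of Beam's build: a Python script that parses dependency paths in the format quoted in the comment and lists each Jackson artifact that is not at 2.10.2, with the Beam module and the direct dependency that pull it in. The function names, the `TARGET` constant and the `propagates` heuristic (Maven's default rule that optional and provided dependencies are not passed on to consumers) are assumptions; the sample input is the three paths from the comment, one per line.

```python
import re
from collections import defaultdict

TARGET = "2.10.2"  # assumed target: the version this PR upgrades Jackson to
NODE = re.compile(r"([^:\s]+):([^:\s]+):(\S+) \(([^)]*)\)")  # group:artifact:version (scope)

# Constructed input: the three dependency paths quoted in the comment, one per line.
SAMPLE = """\
org.apache.beam:beam-sdks-java-extensions-sql:2.20.0-SNAPSHOT (compile) / com.alibaba:fastjson:1.2.49 (compile) / org.springframework:spring-webmvc:4.3.7.RELEASE (provided, optional) / com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.8.7 (compile, optional)
org.apache.beam:beam-sdks-java-io-rabbitmq:2.20.0-SNAPSHOT (compile) / com.rabbitmq:amqp-client:5.7.3 (compile) / io.micrometer:micrometer-core:1.2.0 (compile, optional) / org.apache.logging.log4j:log4j-core:2.12.0 (compile, optional) / com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.9.9 (compile, optional)
org.apache.beam:beam-sdks-java-io-kafka:2.20.0-SNAPSHOT (compile) / io.confluent:kafka-avro-serializer:5.3.2 (compile) / org.apache.kafka:kafka_2.12:5.3.2-ccs (provided) / com.fasterxml.jackson.dataformat:jackson-dataformat-csv:2.10.0 (provided)
"""

def parse_path(line):
    """Split 'g:a:v (scope) / g:a:v (scope) / ...' into (group, artifact, version, flags)."""
    nodes = []
    for part in line.strip().lstrip("<> ").split(" / "):  # drop diff markers, if any
        m = NODE.fullmatch(part.strip())
        if m is None:
            raise ValueError(f"unparseable node: {part!r}")
        group, artifact, version, scope = m.groups()
        nodes.append((group, artifact, version, set(scope.split(", "))))
    return nodes

def propagates(nodes):
    """True if every node below the root is compile/runtime scoped and not optional,
    i.e. the leaf reaches consumers of the root module under Maven's default rules."""
    return all(f & {"compile", "runtime"} and "optional" not in f for *_, f in nodes[1:])

def jackson_skew(text, target=TARGET):
    """Map each off-target Jackson artifact to {(version, root, direct dep, propagates)}."""
    skew = defaultdict(set)
    for line in text.splitlines():
        if " / " not in line:
            continue  # header lines such as '> foo.jar is at:' carry no path
        nodes = parse_path(line)
        group, artifact, version, _ = nodes[-1]
        if group.startswith("com.fasterxml.jackson") and version != target:
            skew[artifact].add((version, nodes[0][1], nodes[1][1], propagates(nodes)))
    return dict(skew)

if __name__ == "__main__":
    for artifact, hits in sorted(jackson_skew(SAMPLE).items()):
        for version, root, via, transitive in sorted(hits):
            print(f"{artifact} {version} != {TARGET}: {root} via {via} (propagates={transitive})")
```
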
