[
https://issues.apache.org/jira/browse/HBASE-22728?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16900330#comment-16900330
]
Sean Busbey commented on HBASE-22728:
-------------------------------------
{quote}
bq. Above QA failure message for shadedjar is: Found Banned Dependency:
jdk.tools:jdk.tools:jar:1.8 (which also comes without the patch applied on
branch-1). Hope it is not a concern.
I'm not sure what that is about. Sean Busbey?{quote}
I think we used to accidentally include the tools.jar from the JDK in our
assembly? we can't do that because it's under the same terms as the JDK. if
it's also in the branch and shows up on nightly, then I wouldn't worry about
fixing it here. But we should figure out what's going on, generally. I'll make
a jira and dig in when I can. If anyone else has time before a linked jira
shows up, please feel free to not wait for me.
> Upgrade jackson dependencies in branch-1
> ----------------------------------------
>
> Key: HBASE-22728
> URL: https://issues.apache.org/jira/browse/HBASE-22728
> Project: HBase
> Issue Type: Sub-task
> Affects Versions: 1.4.10, 1.3.5
> Reporter: Andrew Purtell
> Assignee: Viraj Jasani
> Priority: Major
> Fix For: 1.5.0, 1.3.6, 1.4.11
>
> Attachments: HBASE-22728.branch-1.01.patch,
> HBASE-22728.branch-1.02.patch, HBASE-22728.branch-1.04.patch,
> HBASE-22728.branch-1.06.patch, dependency_codehaus.out
>
>
> Avoid Jackson versions and dependencies with known CVEs
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
