[ https://issues.apache.org/jira/browse/HBASE-22728?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16904381#comment-16904381 ]
Viraj Jasani edited comment on HBASE-22728 at 8/13/19 7:00 PM: --------------------------------------------------------------- 'test' would not work for hbase-server since it has exposure of jackson dependency in source code. May be we can move to fasterxml.jackson for hbase-server too? Eventually we can backport HBASE-20587 to branch-1 but as part of this Jira, since we are moving to fasterxml.jackson for hbase-rest, may be we can stick to it for hbase-server too. Let me give it a shot and see if everything goes good including unpacking tarball and bringing up HMaster. was (Author: vjasani): 'test' would not work for hbase-server since it has exposure of jackson dependency in source code. May be we can move to fasterxml.jackson for hbase-server too and keep it at 'compile' scope(safer latest version)? Eventually we can backport HBASE-20587 to branch-1 but as part of this Jira, since we are moving to fasterxml.jackson for hbase-rest, may be we can stick to it for hbase-server too. Let me give it a shot and see if everything goes good including unpacking tarball and bringing up HMaster. > Upgrade jackson dependencies in branch-1 > ---------------------------------------- > > Key: HBASE-22728 > URL: https://issues.apache.org/jira/browse/HBASE-22728 > Project: HBase > Issue Type: Sub-task > Affects Versions: 1.4.10, 1.3.5 > Reporter: Andrew Purtell > Assignee: Viraj Jasani > Priority: Major > Fix For: 1.5.0, 1.3.6, 1.4.11 > > Attachments: HBASE-22728-addendum.patch, HBASE-22728-addendum.patch, > HBASE-22728.branch-1.01.patch, HBASE-22728.branch-1.02.patch, > HBASE-22728.branch-1.04.patch, HBASE-22728.branch-1.06.patch, > HBASE-22728.branch-1.10.patch, HBASE-22728.branch-1.11.patch, > HBASE-22728.branch-1.12.patch, HBASE-22728.branch-1.14.patch, > HBASE-22728.branch-1.15.patch, HBASE-22728.branch-1.16.patch > > > Avoid Jackson versions and dependencies with known CVEs -- This message was sent by Atlassian JIRA (v7.6.14#76016)