[jira] [Comment Edited] (HBASE-22728) Upgrade jackson dependencies in branch-1

Tue, 13 Aug 2019 12:01:23 -0700 


    [ 
https://issues.apache.org/jira/browse/HBASE-22728?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16904381#comment-16904381
 ] 

Viraj Jasani edited comment on HBASE-22728 at 8/13/19 7:00 PM:
---------------------------------------------------------------

'test' would not work for hbase-server since it has exposure of jackson 
dependency in source code. May be we can move to fasterxml.jackson for 
hbase-server too? 

Eventually we can backport HBASE-20587 to branch-1 but as part of this Jira, 
since we are moving to fasterxml.jackson for hbase-rest, may be we can stick to 
it for hbase-server too. Let me give it a shot and see if everything goes good 
including unpacking tarball and bringing up HMaster.


was (Author: vjasani):
'test' would not work for hbase-server since it has exposure of jackson 
dependency in source code. May be we can move to fasterxml.jackson for 
hbase-server too and keep it at 'compile' scope(safer latest version)? 

Eventually we can backport HBASE-20587 to branch-1 but as part of this Jira, 
since we are moving to fasterxml.jackson for hbase-rest, may be we can stick to 
it for hbase-server too. Let me give it a shot and see if everything goes good 
including unpacking tarball and bringing up HMaster.

> Upgrade jackson dependencies in branch-1
> ----------------------------------------
>
>                 Key: HBASE-22728
>                 URL: https://issues.apache.org/jira/browse/HBASE-22728
>             Project: HBase
>          Issue Type: Sub-task
>    Affects Versions: 1.4.10, 1.3.5
>            Reporter: Andrew Purtell
>            Assignee: Viraj Jasani
>            Priority: Major
>             Fix For: 1.5.0, 1.3.6, 1.4.11
>
>         Attachments: HBASE-22728-addendum.patch, HBASE-22728-addendum.patch, 
> HBASE-22728.branch-1.01.patch, HBASE-22728.branch-1.02.patch, 
> HBASE-22728.branch-1.04.patch, HBASE-22728.branch-1.06.patch, 
> HBASE-22728.branch-1.10.patch, HBASE-22728.branch-1.11.patch, 
> HBASE-22728.branch-1.12.patch, HBASE-22728.branch-1.14.patch, 
> HBASE-22728.branch-1.15.patch, HBASE-22728.branch-1.16.patch
>
>
> Avoid Jackson versions and dependencies with known CVEs



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

Reply via email to