[
https://issues.apache.org/jira/browse/HBASE-22728?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16907025#comment-16907025
]
Viraj Jasani edited comment on HBASE-22728 at 8/14/19 8:42 AM:
---------------------------------------------------------------
Thanks. Sure it should be good enough to call out in release note. With latest
patch attached, we are including vulnerable mapper in hbase-common and
hbase-assembly.
was (Author: vjasani):
Thanks. Sure it should be good enough to call out in release note. With latest
patch attached, we are including vulnerable mapper only in hbase-common and
hbase-assembly.
> Upgrade jackson dependencies in branch-1
> ----------------------------------------
>
> Key: HBASE-22728
> URL: https://issues.apache.org/jira/browse/HBASE-22728
> Project: HBase
> Issue Type: Sub-task
> Affects Versions: 1.4.10, 1.3.5
> Reporter: Andrew Purtell
> Assignee: Viraj Jasani
> Priority: Major
> Fix For: 1.5.0, 1.3.6, 1.4.11
>
> Attachments: HBASE-22728-addendum.patch, HBASE-22728-addendum.patch,
> HBASE-22728.branch-1.01.patch, HBASE-22728.branch-1.02.patch,
> HBASE-22728.branch-1.04.patch, HBASE-22728.branch-1.06.patch,
> HBASE-22728.branch-1.10.patch, HBASE-22728.branch-1.11.patch,
> HBASE-22728.branch-1.12.patch, HBASE-22728.branch-1.14.patch,
> HBASE-22728.branch-1.15.patch, HBASE-22728.branch-1.16.patch,
> HBASE-22728.branch-1.18.patch
>
>
> Avoid Jackson versions and dependencies with known CVEs
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
