virajjasani edited a comment on issue #505: HBASE-22863 : Cleanup transitive Jackson1 vulnerable dependencies(forward-port HBASE-22728) URL: https://github.com/apache/hbase/pull/505#issuecomment-522291730 Let me provide the full dependency tree for Jackson1 with this patch: ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-http --- [INFO] org.apache.hbase:hbase-http:jar:3.0.0-SNAPSHOT [INFO] +- org.apache.hadoop:hadoop-minicluster:jar:2.8.5:test [INFO] | +- org.apache.hadoop:hadoop-common:test-jar:tests:2.8.5:test [INFO] | | \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test [INFO] | \- org.apache.hadoop:hadoop-yarn-server-tests:test-jar:tests:2.8.5:test [INFO] | \- org.apache.hadoop:hadoop-yarn-common:jar:2.8.5:test [INFO] | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.13:test [INFO] | \- org.codehaus.jackson:jackson-xc:jar:1.9.13:test [INFO] \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile ``` ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-server --- [INFO] org.apache.hbase:hbase-server:jar:3.0.0-SNAPSHOT [INFO] +- org.apache.hbase:hbase-http:test-jar:tests:3.0.0-SNAPSHOT:test [INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test [INFO] \- org.apache.hadoop:hadoop-minicluster:jar:2.8.5:test [INFO] \- org.apache.hadoop:hadoop-common:test-jar:tests:2.8.5:test [INFO] \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test [INFO] ``` ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-mapreduce --- [INFO] org.apache.hbase:hbase-mapreduce:jar:3.0.0-SNAPSHOT [INFO] \- org.apache.hadoop:hadoop-minicluster:jar:2.8.5:test [INFO] \- org.apache.hadoop:hadoop-common:test-jar:tests:2.8.5:test [INFO] +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test [INFO] \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test ``` ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-testing-util --- [INFO] org.apache.hbase:hbase-testing-util:jar:3.0.0-SNAPSHOT [INFO] \- org.apache.hadoop:hadoop-minicluster:jar:2.8.5:compile [INFO] \- org.apache.hadoop:hadoop-common:test-jar:tests:2.8.5:test [INFO] +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test [INFO] \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test ``` ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-thrift --- [INFO] org.apache.hbase:hbase-thrift:jar:3.0.0-SNAPSHOT [INFO] \- org.apache.hadoop:hadoop-minicluster:jar:2.8.5:test [INFO] \- org.apache.hadoop:hadoop-common:test-jar:tests:2.8.5:test [INFO] +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test [INFO] \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test ``` ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-rsgroup --- [INFO] org.apache.hbase:hbase-rsgroup:jar:3.0.0-SNAPSHOT [INFO] \- org.apache.hbase:hbase-testing-util:jar:3.0.0-SNAPSHOT:test [INFO] \- org.apache.hadoop:hadoop-minicluster:jar:2.8.5:test [INFO] \- org.apache.hadoop:hadoop-common:test-jar:tests:2.8.5:test [INFO] +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test [INFO] \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test ``` ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-shell --- [INFO] org.apache.hbase:hbase-shell:jar:3.0.0-SNAPSHOT [INFO] \- org.apache.hadoop:hadoop-minicluster:jar:2.8.5:test [INFO] \- org.apache.hadoop:hadoop-common:test-jar:tests:2.8.5:test [INFO] +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test [INFO] \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test ``` ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-endpoint --- [INFO] org.apache.hbase:hbase-endpoint:jar:3.0.0-SNAPSHOT [INFO] +- org.apache.hbase:hbase-http:test-jar:tests:3.0.0-SNAPSHOT:test [INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test [INFO] \- org.apache.hadoop:hadoop-minicluster:jar:2.8.5:test [INFO] \- org.apache.hadoop:hadoop-common:test-jar:tests:2.8.5:test [INFO] \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test ``` ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-backup --- [INFO] org.apache.hbase:hbase-backup:jar:3.0.0-SNAPSHOT [INFO] \- org.apache.hbase:hbase-testing-util:jar:3.0.0-SNAPSHOT:test [INFO] \- org.apache.hadoop:hadoop-minicluster:jar:2.8.5:test [INFO] \- org.apache.hadoop:hadoop-common:test-jar:tests:2.8.5:test [INFO] +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test [INFO] \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test ``` ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-it --- [INFO] org.apache.hbase:hbase-it:jar:3.0.0-SNAPSHOT [INFO] \- org.apache.hbase:hbase-testing-util:jar:3.0.0-SNAPSHOT:test [INFO] \- org.apache.hadoop:hadoop-minicluster:jar:2.8.5:test [INFO] \- org.apache.hadoop:hadoop-common:test-jar:tests:2.8.5:test [INFO] +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test [INFO] \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test ``` ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-rest --- [INFO] org.apache.hbase:hbase-rest:jar:3.0.0-SNAPSHOT [INFO] +- org.apache.hbase:hbase-testing-util:jar:3.0.0-SNAPSHOT:test [INFO] | \- org.apache.hadoop:hadoop-minicluster:jar:2.8.5:test [INFO] | \- org.apache.hadoop:hadoop-common:test-jar:tests:2.8.5:test [INFO] | \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test [INFO] +- org.apache.hbase:hbase-http:test-jar:tests:3.0.0-SNAPSHOT:test [INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test [INFO] +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.9.9:compile [INFO] | +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:jar:2.9.9:compile [INFO] | \- com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.9.9:compile [INFO] +- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.9:compile [INFO] +- com.fasterxml.jackson.core:jackson-core:jar:2.9.9:compile [INFO] \- com.fasterxml.jackson.core:jackson-databind:jar:2.9.9.2:compile ``` ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-examples --- [INFO] org.apache.hbase:hbase-examples:jar:3.0.0-SNAPSHOT [INFO] +- org.apache.hbase:hbase-testing-util:jar:3.0.0-SNAPSHOT:test [INFO] | \- org.apache.hadoop:hadoop-minicluster:jar:2.8.5:test [INFO] | \- org.apache.hadoop:hadoop-common:test-jar:tests:2.8.5:test [INFO] | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test [INFO] | \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test [INFO] \- org.apache.hbase:hbase-rest:jar:3.0.0-SNAPSHOT:compile [INFO] +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.9.9:compile [INFO] | +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:jar:2.9.9:compile [INFO] | \- com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.9.9:compile [INFO] +- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.9:compile [INFO] +- com.fasterxml.jackson.core:jackson-core:jar:2.9.9:compile [INFO] \- com.fasterxml.jackson.core:jackson-databind:jar:2.9.9.2:compile ``` ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-shaded-client-byo-hadoop --- [INFO] org.apache.hbase:hbase-shaded-client-byo-hadoop:jar:3.0.0-SNAPSHOT [INFO] +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.13:provided [INFO] \- org.codehaus.jackson:jackson-xc:jar:1.9.13:provided ``` ``` [INFO] --------------< org.apache.hbase:hbase-shaded-mapreduce >--------------- [INFO] Building Apache HBase - Shaded - MapReduce 3.0.0-SNAPSHOT [32/42] [INFO] --------------------------------[ jar ]--------------------------------- [INFO] [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-shaded-mapreduce --- [INFO] org.apache.hbase:hbase-shaded-mapreduce:jar:3.0.0-SNAPSHOT [INFO] +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.13:provided [INFO] \- org.codehaus.jackson:jackson-xc:jar:1.9.13:provided ``` ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-assembly --- [INFO] org.apache.hbase:hbase-assembly:pom:3.0.0-SNAPSHOT [INFO] +- org.apache.hbase:hbase-rest:jar:3.0.0-SNAPSHOT:compile [INFO] | +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.9.9:compile [INFO] | | +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:jar:2.9.9:compile [INFO] | | \- com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.9.9:compile [INFO] | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.9:compile [INFO] | +- com.fasterxml.jackson.core:jackson-core:jar:2.9.9:compile [INFO] | \- com.fasterxml.jackson.core:jackson-databind:jar:2.9.9.2:compile [INFO] +- org.apache.hbase:hbase-testing-util:jar:3.0.0-SNAPSHOT:test [INFO] | \- org.apache.hadoop:hadoop-minicluster:jar:2.8.5:test [INFO] | \- org.apache.hadoop:hadoop-common:test-jar:tests:2.8.5:test [INFO] | \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test [INFO] \- org.apache.hbase:hbase-http:jar:3.0.0-SNAPSHOT:compile [INFO] \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile ``` ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-shaded-testing-util --- [INFO] org.apache.hbase:hbase-shaded-testing-util:jar:3.0.0-SNAPSHOT [INFO] \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test [INFO] \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test ``` ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-client-project --- [INFO] org.apache.hbase:hbase-client-project:jar:3.0.0-SNAPSHOT [INFO] \- org.apache.hbase:hbase-testing-util:jar:3.0.0-SNAPSHOT:test [INFO] \- org.apache.hadoop:hadoop-minicluster:jar:2.8.5:test [INFO] \- org.apache.hadoop:hadoop-common:test-jar:tests:2.8.5:test [INFO] +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test [INFO] \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test ``` ``` [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ hbase-shaded-client-project --- [INFO] org.apache.hbase:hbase-shaded-client-project:jar:3.0.0-SNAPSHOT [INFO] \- org.apache.hbase:hbase-testing-util:jar:3.0.0-SNAPSHOT:test [INFO] \- org.apache.hadoop:hadoop-minicluster:jar:2.8.5:test [INFO] \- org.apache.hadoop:hadoop-common:test-jar:tests:2.8.5:test [INFO] +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test [INFO] \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test ``` @Apache9 Please let me know how this looks.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services