NihalJain opened a new pull request, #6405: URL: https://github.com/apache/hbase/pull/6405
… since all jackson 1.x versions have vulnerabilities - Building hbase with hadoop-3 profile on branch-2, still requires jackson 1.x jars, which has vulnerabilities. Ideally these should not be needed as with HADOOP-13332 hadoop has already "Remove jackson 1.9.13 and switch all jackson code to 2.x code line" for branch-3. - Also in HBASE-27148, where we worked on "Move minimum hadoop 3 support version to 3.2.3" we had did a similar cleanup for branch-3 but somehow we missed to port the relevant changes to the branch-2 backport of same jira. This task is to take care of this so that we do not need jackson 1.x to build/run hbase with hadoop-3 profile on branch-2.x. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
