[ https://issues.apache.org/jira/browse/KYLIN-3372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16493043#comment-16493043 ]

ASF GitHub Bot commented on KYLIN-3372:
---------------------------------------

codecov-io commented on issue #144: KYLIN-3372 upgrade jackson databind version to 2.9.5
URL: https://github.com/apache/kylin/pull/144#issuecomment-392640151
 
 
   # [Codecov](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=h1) Report
   > Merging [#144](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=desc) into [master](https://codecov.io/gh/apache/kylin/commit/2b1e9f4b965a47dde999eca073bdbf49eecdb63d?src=pr&el=desc) will **increase** coverage by `0.02%`.
   > The diff coverage is `n/a`.
   
   
   ```diff
   @@             Coverage Diff              @@
   ##             master     #144      +/-   ##
   ============================================
   + Coverage     21.83%   21.85%   +0.02%     
   - Complexity     3888     3889       +1     
   ============================================
     Files           985      985              
     Lines         59716    59716              
     Branches       8623     8623              
   ============================================
   + Hits          13039    13052      +13     
   + Misses        45459    45452       -7     
   + Partials       1218     1212       -6
   ```
   
   
   | [Impacted Files](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=tree) | Coverage Δ | Complexity Δ | |
   |---|---|---|---|
   | [...a/org/apache/kylin/dict/Number2BytesConverter.java](https://codecov.io/gh/apache/kylin/pull/144/diff?src=pr&el=tree#diff-Y29yZS1kaWN0aW9uYXJ5L3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9reWxpbi9kaWN0L051bWJlcjJCeXRlc0NvbnZlcnRlci5qYXZh) | `82.53% <0%> (+0.79%)` | `18% <0%> (+1%)` | :arrow_up: |
   | [.../apache/kylin/cube/cuboid/TreeCuboidScheduler.java](https://codecov.io/gh/apache/kylin/pull/144/diff?src=pr&el=tree#diff-Y29yZS1jdWJlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9reWxpbi9jdWJlL2N1Ym9pZC9UcmVlQ3Vib2lkU2NoZWR1bGVyLmphdmE=) | `66.15% <0%> (+2.3%)` | `0% <0%> (ø)` | :arrow_down: |
   | [...rg/apache/kylin/cube/inmemcubing/MemDiskStore.java](https://codecov.io/gh/apache/kylin/pull/144/diff?src=pr&el=tree#diff-Y29yZS1jdWJlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9reWxpbi9jdWJlL2lubWVtY3ViaW5nL01lbURpc2tTdG9yZS5qYXZh) | `69.3% <0%> (+2.73%)` | `7% <0%> (ø)` | :arrow_down: |
   
   ------
   
   [Continue to review full report at Codecov](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=continue).
   > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)
   > `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
   > Powered by [Codecov](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=footer). Last update [2b1e9f4...12222c8](https://codecov.io/gh/apache/kylin/pull/144?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).
   



> Upgrade jackson-databind version due to security concerns
> ---------------------------------------------------------
>
>                 Key: KYLIN-3372
>                 URL: https://issues.apache.org/jira/browse/KYLIN-3372
>             Project: Kylin
>          Issue Type: Task
>            Reporter: Ted Yu
>            Assignee: Chao Long
>            Priority: Major
>             Fix For: v2.4.0
>
>
> * https://nvd.nist.gov/vuln/detail/CVE-2018-5968
> * https://nvd.nist.gov/vuln/detail/CVE-2018-7489
> * https://nvd.nist.gov/vuln/detail/CVE-2017-7525
> * https://nvd.nist.gov/vuln/detail/CVE-2017-17485
> * https://nvd.nist.gov/vuln/detail/CVE-2017-15095
> We should either remove the dependency or upgrade to version 2.8.11.1 or the 
> latest, if possible.


