[jira] [Commented] (HADOOP-17249) Upgrade jackson-databind to 2.10 on branch-2.10
[ https://issues.apache.org/jira/browse/HADOOP-17249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17192507#comment-17192507 ] Masatake Iwasaki commented on HADOOP-17249: --- Thanks for the comment, [~Jim_Brennan] and [~jeagles]. Let's stay in 2.9.10 here then. Since there will be no 2.11 release of Hadoop, we should consider incompatible change if it is critical. I think jackson-2.10 is not worth for it. I'm going to update the title of this JIRA and PR. > Upgrade jackson-databind to 2.10 on branch-2.10 > --- > > Key: HADOOP-17249 > URL: https://issues.apache.org/jira/browse/HADOOP-17249 > Project: Hadoop Common > Issue Type: Improvement >Affects Versions: 2.10.0 >Reporter: Masatake Iwasaki >Assignee: Masatake Iwasaki >Priority: Major > Labels: pull-request-available > Time Spent: 20m > Remaining Estimate: 0h > > This is filed to test backporting HADOOP-16905 to branch-2.10. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17249) Upgrade jackson-databind to 2.10 on branch-2.10
[ https://issues.apache.org/jira/browse/HADOOP-17249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17192372#comment-17192372 ] Jonathan Turner Eagles commented on HADOOP-17249: - Usually with libraries such as jackson, API breaking changes are NOT upgraded within the same hadoop minor version (say 2.10.0 -> 2.10.1). Instead they are upgraded in new hadoop minor version (say 2.11.0). Without shading, this will impact customers, and will make it difficult for downstream products to maintain compatibility. Many of the vulnerabilities that have been found with jackson and others aren't a problem in hadoop as its usage can't be exploited. In this case I would suggest a minor version upgrade that contains the fixes. As to jackson-databind, this version needs to align with jackson library as there are compatibility issues as well. Lastly, when upgrading to an incompatible library please mark the jira as an incompatible change to make sure it gains the proper attention. > Upgrade jackson-databind to 2.10 on branch-2.10 > --- > > Key: HADOOP-17249 > URL: https://issues.apache.org/jira/browse/HADOOP-17249 > Project: Hadoop Common > Issue Type: Improvement >Affects Versions: 2.10.0 >Reporter: Masatake Iwasaki >Assignee: Masatake Iwasaki >Priority: Major > Labels: pull-request-available > Time Spent: 20m > Remaining Estimate: 0h > > This is filed to test backporting HADOOP-16905 to branch-2.10. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17249) Upgrade jackson-databind to 2.10 on branch-2.10
[ https://issues.apache.org/jira/browse/HADOOP-17249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17192311#comment-17192311 ] Jim Brennan commented on HADOOP-17249: -- [~iwasakims] there were some concerns about breaking downstream projects in [HADOOP-17094] https://issues.apache.org/jira/browse/HADOOP-17094?focusedCommentId=17145688=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17145688 > Upgrade jackson-databind to 2.10 on branch-2.10 > --- > > Key: HADOOP-17249 > URL: https://issues.apache.org/jira/browse/HADOOP-17249 > Project: Hadoop Common > Issue Type: Improvement >Affects Versions: 2.10.0 >Reporter: Masatake Iwasaki >Assignee: Masatake Iwasaki >Priority: Major > Labels: pull-request-available > Time Spent: 20m > Remaining Estimate: 0h > > This is filed to test backporting HADOOP-16905 to branch-2.10. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org