Skip to content

HADOOP-18178. Upgrade jackson to 2.13.2 and jackson-databind to 2.13.2.2 #4111

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 7, 2022
Merged

HADOOP-18178. Upgrade jackson to 2.13.2 and jackson-databind to 2.13.2.2 #4111

merged 2 commits into from
Apr 7, 2022

Conversation

pjfanning
Copy link
Contributor

Description of PR

New CVE in jackson-databind

How was this patch tested?

For code changes:

  • Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
  • Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
  • If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

aajisaka
aajisaka approved these changes Mar 26, 2022
View reviewed changes
Copy link
Member

@aajisaka aajisaka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 pending Jenkins.

@hadoop-yetus
Copy link

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 37s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 1s codespell was not available.
+0 🆗 shelldocs 0m 1s Shelldocs was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
-1 ❌ test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
_ trunk Compile Tests _
+0 🆗 mvndep 12m 46s Maven dependency ordering for branch
+1 💚 mvninstall 23m 6s trunk passed
+1 💚 compile 23m 45s trunk passed with JDK Ubuntu-11.0.14+9-Ubuntu-0ubuntu2.20.04
+1 💚 compile 21m 27s trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚 mvnsite 26m 33s trunk passed
+1 💚 javadoc 8m 2s trunk passed with JDK Ubuntu-11.0.14+9-Ubuntu-0ubuntu2.20.04
+1 💚 javadoc 8m 11s trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚 shadedclient 35m 36s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+0 🆗 mvndep 0m 41s Maven dependency ordering for patch
+1 💚 mvninstall 21m 39s the patch passed
+1 💚 compile 22m 5s the patch passed with JDK Ubuntu-11.0.14+9-Ubuntu-0ubuntu2.20.04
+1 💚 javac 22m 5s the patch passed
+1 💚 compile 20m 8s the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚 javac 20m 8s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
+1 💚 mvnsite 21m 46s the patch passed
+1 💚 shellcheck 0m 0s No new issues.
+1 💚 xml 0m 2s The patch has no ill-formed XML file.
+1 💚 javadoc 7m 55s the patch passed with JDK Ubuntu-11.0.14+9-Ubuntu-0ubuntu2.20.04
+1 💚 javadoc 8m 17s the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚 shadedclient 37m 5s patch has no errors when building and testing our client artifacts.
_ Other Tests _
-1 ❌ unit 775m 37s /patch-unit-root.txt root in the patch passed.
+1 💚 asflicense 1m 41s The patch does not generate ASF License warnings.
1047m 19s
Reason Tests
Failed junit tests hadoop.yarn.conf.TestYarnConfigurationFields
hadoop.yarn.sls.TestSLSStreamAMSynth
hadoop.yarn.sls.TestSLSRunner
hadoop.yarn.sls.TestSLSGenericSynth
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4111/2/artifact/out/Dockerfile
GITHUB PR #4111
Optional Tests dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell xml shellcheck shelldocs
uname Linux bc3c2ac43ac3 4.15.0-161-generic #169-Ubuntu SMP Fri Oct 15 13:41:54 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision trunk / 2d80cbaf22edfb5a2c1a79412ccbed341d711bfb
Default Java Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Multi-JDK versions /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.14+9-Ubuntu-0ubuntu2.20.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Test Results https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4111/2/testReport/
Max. process+thread count 3529 (vs. ulimit of 5500)
modules C: hadoop-project . U: .
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4111/2/console
versions git=2.25.1 maven=3.6.3 shellcheck=0.7.0
Powered by Apache Yetus 0.14.0-SNAPSHOT https://yetus.apache.org

This message was automatically generated.

@hadoop-yetus
Copy link

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 37s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 0s codespell was not available.
+0 🆗 shelldocs 0m 0s Shelldocs was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
-1 ❌ test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
_ trunk Compile Tests _
+0 🆗 mvndep 16m 3s Maven dependency ordering for branch
+1 💚 mvninstall 24m 57s trunk passed
+1 💚 compile 22m 40s trunk passed with JDK Ubuntu-11.0.14+9-Ubuntu-0ubuntu2.20.04
+1 💚 compile 20m 2s trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚 mvnsite 27m 32s trunk passed
+1 💚 javadoc 8m 17s trunk passed with JDK Ubuntu-11.0.14+9-Ubuntu-0ubuntu2.20.04
+1 💚 javadoc 8m 6s trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚 shadedclient 36m 0s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+0 🆗 mvndep 0m 43s Maven dependency ordering for patch
+1 💚 mvninstall 21m 36s the patch passed
+1 💚 compile 22m 16s the patch passed with JDK Ubuntu-11.0.14+9-Ubuntu-0ubuntu2.20.04
+1 💚 javac 22m 16s the patch passed
+1 💚 compile 20m 1s the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚 javac 20m 1s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
+1 💚 mvnsite 22m 20s the patch passed
+1 💚 shellcheck 0m 1s No new issues.
+1 💚 xml 0m 1s The patch has no ill-formed XML file.
+1 💚 javadoc 8m 22s the patch passed with JDK Ubuntu-11.0.14+9-Ubuntu-0ubuntu2.20.04
+1 💚 javadoc 8m 15s the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚 shadedclient 37m 59s patch has no errors when building and testing our client artifacts.
_ Other Tests _
+1 💚 unit 788m 57s root in the patch passed.
+1 💚 asflicense 1m 42s The patch does not generate ASF License warnings.
1065m 56s
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4111/3/artifact/out/Dockerfile
GITHUB PR #4111
Optional Tests dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell xml shellcheck shelldocs
uname Linux 0940e666a43c 4.15.0-161-generic #169-Ubuntu SMP Fri Oct 15 13:41:54 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision trunk / 1fb792f
Default Java Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Multi-JDK versions /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.14+9-Ubuntu-0ubuntu2.20.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Test Results https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4111/3/testReport/
Max. process+thread count 3449 (vs. ulimit of 5500)
modules C: hadoop-project . U: .
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4111/3/console
versions git=2.25.1 maven=3.6.3 shellcheck=0.7.0
Powered by Apache Yetus 0.14.0-SNAPSHOT https://yetus.apache.org

This message was automatically generated.

@pjfanning
Copy link
Contributor Author

@aajisaka could you re-review this if you get a chance?

@aajisaka aajisaka merged commit 4b786c7 into apache:trunk Apr 7, 2022
@aajisaka
Copy link
Member

aajisaka commented Apr 7, 2022

Merged. Thank you @pjfanning for the update.

@aajisaka aajisaka changed the title [HADOOP-18178] upgrade jackson due to cve HADOOP-18178. Upgrade jackson to 2.13.2 and jackson-databind to 2.13.2.2 Apr 7, 2022
aajisaka pushed a commit to aajisaka/hadoop that referenced this pull request Apr 7, 2022
@pjfanning @aajisaka
HADOOP-18178. Upgrade jackson to 2.13.2 and jackson-databind to 2.13.…
65b25b8 
…2.2 (apache#4111)

Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
(cherry picked from commit 4b786c7)

 Conflicts:
	LICENSE-binary
steveloughran pushed a commit to steveloughran/hadoop that referenced this pull request Apr 8, 2022
@pjfanning @steveloughran
HADOOP-18178. Upgrade jackson to 2.13.2 and jackson-databind to 2.13.…
b4fefdb 
…2.2 (apache#4111)

Change-Id: I78f33234e405b2f7be3304f9f30ef59a641c19a0
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
@steveloughran steveloughran mentioned this pull request Apr 8, 2022
Closed
@pjfanning pjfanning deleted the jackson-cve branch April 8, 2022 13:57
@aajisaka aajisaka mentioned this pull request Apr 9, 2022
Merged
2 tasks
ayushtkn added a commit to ayushtkn/hadoop that referenced this pull request Jul 11, 2022
@ayushtkn
Revert "HADOOP-18178. Upgrade jackson to 2.13.2 and jackson-databind …
f38d158 
…to 2.13.2.2 (apache#4111)"

This reverts commit 4b786c7.
HarshitGupta11 pushed a commit to HarshitGupta11/hadoop that referenced this pull request Nov 28, 2022
@pjfanning
HADOOP-18178. Upgrade jackson to 2.13.2 and jackson-databind to 2.13.…
155fdf3 
…2.2 (apache#4111)

Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aajisaka aajisaka aajisaka approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pjfanning @hadoop-yetus @aajisaka