Uploaded image for project: 'Flume'
  1. Flume
  2. FLUME-3112

Upgrade jackson-core library dependency

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.7.0
    • Fix Version/s: 1.8.0
    • Component/s: None
    • Labels:

      Description

      Group Artifact Version used Upgrade target
      com.fasterxml.jackson.core jackson-core 2.3.1 2.8.9

      Security vulnerability: http://www.cvedetails.com/cve/CVE-2016-7051/

      Please do:

      • double check the newest version.
      • consider to remove a dependency if better alternative is available.
      • check whether the lib change would introduce a backward incompatibility (in which case please add this label `breaking_change` and fix version should be the next major)

        Issue Links

          Activity

          Hide
          denes Denes Arvay added a comment -

          Thank you Ferenc Szabo for the patch, Attila Simon and Miklos Csanady for the review.

          Show
          denes Denes Arvay added a comment - Thank you Ferenc Szabo for the patch, Attila Simon and Miklos Csanady for the review.
          Hide
          hudson Hudson added a comment -

          FAILURE: Integrated in Jenkins build Flume-trunk-hbase-1 #310 (See https://builds.apache.org/job/Flume-trunk-hbase-1/310/)
          FLUME-3112. Upgrade jackson-core library dependency (denes: http://git-wip-us.apache.org/repos/asf/flume/repo?p=flume.git&a=commit&h=3cd1b331308d8d312fae258d94cd64a69ceb1644)

          • (edit) flume-ng-node/pom.xml
          • (edit) pom.xml
          Show
          hudson Hudson added a comment - FAILURE: Integrated in Jenkins build Flume-trunk-hbase-1 #310 (See https://builds.apache.org/job/Flume-trunk-hbase-1/310/ ) FLUME-3112 . Upgrade jackson-core library dependency (denes: http://git-wip-us.apache.org/repos/asf/flume/repo?p=flume.git&a=commit&h=3cd1b331308d8d312fae258d94cd64a69ceb1644 ) (edit) flume-ng-node/pom.xml (edit) pom.xml
          Hide
          githubbot ASF GitHub Bot added a comment -

          Github user asfgit closed the pull request at:

          https://github.com/apache/flume/pull/154

          Show
          githubbot ASF GitHub Bot added a comment - Github user asfgit closed the pull request at: https://github.com/apache/flume/pull/154
          Hide
          jira-bot ASF subversion and git services added a comment -

          Commit 3cd1b331308d8d312fae258d94cd64a69ceb1644 in flume's branch refs/heads/trunk from Ferenc Szabo
          [ https://git-wip-us.apache.org/repos/asf?p=flume.git;h=3cd1b33 ]

          FLUME-3112. Upgrade jackson-core library dependency

          Upgrading the version in dependency management and removing unused ones.
          Both 1.x and 2.x jackson versions are needed, renamed the jackson.version
          property to codehaus.jackson.version and added fasterxml.jackson.version
          for the 2.x jackson.

          This closes #154

          Reviewers: Attila Simon, Miklos Csanady, Denes Arvay

          (Ferenc Szabo via Denes Arvay)

          Show
          jira-bot ASF subversion and git services added a comment - Commit 3cd1b331308d8d312fae258d94cd64a69ceb1644 in flume's branch refs/heads/trunk from Ferenc Szabo [ https://git-wip-us.apache.org/repos/asf?p=flume.git;h=3cd1b33 ] FLUME-3112 . Upgrade jackson-core library dependency Upgrading the version in dependency management and removing unused ones. Both 1.x and 2.x jackson versions are needed, renamed the jackson.version property to codehaus.jackson.version and added fasterxml.jackson.version for the 2.x jackson. This closes #154 Reviewers: Attila Simon, Miklos Csanady, Denes Arvay (Ferenc Szabo via Denes Arvay)
          Hide
          fszabo Ferenc Szabo added a comment -

          Done. Thanks!

          Show
          fszabo Ferenc Szabo added a comment - Done. Thanks!
          Hide
          sati Attila Simon added a comment -

          I concluded the review will be done on github. If that is indeed the case could you please close the review on reviewboard?

          Show
          sati Attila Simon added a comment - I concluded the review will be done on github. If that is indeed the case could you please close the review on reviewboard?
          Hide
          githubbot ASF GitHub Bot added a comment -

          GitHub user szaboferee opened a pull request:

          https://github.com/apache/flume/pull/154

          FLUME-3112 Upgrade jackson-core library dependency

          Upgrading in dependency management and removing unused ones

          You can merge this pull request into a Git repository by running:

          $ git pull https://github.com/szaboferee/flume FLUME-3112

          Alternatively you can review and apply these changes as the patch at:

          https://github.com/apache/flume/pull/154.patch

          To close this pull request, make a commit to your master/trunk branch
          with (at least) the following in the commit message:

          This closes #154


          commit 838206200d5b3d58f5680f6be7e3da68897a0ce3
          Author: Ferenc Szabo <fszabo@cloudera.com>
          Date: 2017-08-15T08:35:35Z

          FLUME-3112 Upgrade jackson-core library dependency

          Upgrading in dependency management and removing unused ones


          Show
          githubbot ASF GitHub Bot added a comment - GitHub user szaboferee opened a pull request: https://github.com/apache/flume/pull/154 FLUME-3112 Upgrade jackson-core library dependency Upgrading in dependency management and removing unused ones You can merge this pull request into a Git repository by running: $ git pull https://github.com/szaboferee/flume FLUME-3112 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/flume/pull/154.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #154 commit 838206200d5b3d58f5680f6be7e3da68897a0ce3 Author: Ferenc Szabo <fszabo@cloudera.com> Date: 2017-08-15T08:35:35Z FLUME-3112 Upgrade jackson-core library dependency Upgrading in dependency management and removing unused ones
          Hide
          fszabo Ferenc Szabo added a comment -

          Patch provided via rewiew board:

          https://reviews.apache.org/r/61431/

          Show
          fszabo Ferenc Szabo added a comment - Patch provided via rewiew board: https://reviews.apache.org/r/61431/
          Hide
          sati Attila Simon added a comment -

          Excerpted transitive dependency tree from `mvn dependency:tree`

          org.apache.flume.flume-ng-sinks:flume-dataset-sink:jar:1.8.0-SNAPSHOT
              org.kitesdk:kite-data-core:jar:1.0.0:compile
                  com.fasterxml.jackson.core:jackson-databind:jar:2.3.1:compile
                      com.fasterxml.jackson.core:jackson-annotations:jar:2.3.0:compile            
                      com.fasterxml.jackson.core:jackson-core:jar:2.3.1:compile
          
          org.apache.flume.flume-ng-sinks:flume-ng-morphline-solr-sink:jar:1.8.0-SNAPSHOT
              org.kitesdk:kite-morphlines-all:pom:1.0.0:compile
                  org.kitesdk:kite-morphlines-json:jar:1.0.0:compile
                      com.fasterxml.jackson.core:jackson-databind:jar:2.3.1:compile
                          com.fasterxml.jackson.core:jackson-annotations:jar:2.3.0:compile
                          com.fasterxml.jackson.core:jackson-core:jar:2.3.1:compile
          
          Show
          sati Attila Simon added a comment - Excerpted transitive dependency tree from `mvn dependency:tree` org.apache.flume.flume-ng-sinks:flume-dataset-sink:jar:1.8.0-SNAPSHOT org.kitesdk:kite-data-core:jar:1.0.0:compile com.fasterxml.jackson.core:jackson-databind:jar:2.3.1:compile com.fasterxml.jackson.core:jackson-annotations:jar:2.3.0:compile com.fasterxml.jackson.core:jackson-core:jar:2.3.1:compile org.apache.flume.flume-ng-sinks:flume-ng-morphline-solr-sink:jar:1.8.0-SNAPSHOT org.kitesdk:kite-morphlines-all:pom:1.0.0:compile org.kitesdk:kite-morphlines-json:jar:1.0.0:compile com.fasterxml.jackson.core:jackson-databind:jar:2.3.1:compile com.fasterxml.jackson.core:jackson-annotations:jar:2.3.0:compile com.fasterxml.jackson.core:jackson-core:jar:2.3.1:compile

            People

            • Assignee:
              fszabo Ferenc Szabo
              Reporter:
              sati Attila Simon
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development