Details
-
Type:
Bug
-
Status: Resolved
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 1.7.0
-
Fix Version/s: 1.8.0
-
Component/s: None
-
Labels:
Description
| Group | Artifact | Version used | Upgrade target |
|---|---|---|---|
| com.fasterxml.jackson.core | jackson-core | 2.3.1 | 2.8.9 |
Security vulnerability: http://www.cvedetails.com/cve/CVE-2016-7051/
Please do:
- double check the newest version.
- consider to remove a dependency if better alternative is available.
- check whether the lib change would introduce a backward incompatibility (in which case please add this label `breaking_change` and fix version should be the next major)
Issue Links
- links to
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
FAILURE: Integrated in Jenkins build Flume-trunk-hbase-1 #310 (See https://builds.apache.org/job/Flume-trunk-hbase-1/310/)
FLUME-3112. Upgrade jackson-core library dependency (denes: http://git-wip-us.apache.org/repos/asf/flume/repo?p=flume.git&a=commit&h=3cd1b331308d8d312fae258d94cd64a69ceb1644)
- (edit) flume-ng-node/pom.xml
- (edit) pom.xml
Github user asfgit closed the pull request at:
Commit 3cd1b331308d8d312fae258d94cd64a69ceb1644 in flume's branch refs/heads/trunk from Ferenc Szabo
[ https://git-wip-us.apache.org/repos/asf?p=flume.git;h=3cd1b33 ]
FLUME-3112. Upgrade jackson-core library dependency
Upgrading the version in dependency management and removing unused ones.
Both 1.x and 2.x jackson versions are needed, renamed the jackson.version
property to codehaus.jackson.version and added fasterxml.jackson.version
for the 2.x jackson.
This closes #154
Reviewers: Attila Simon, Miklos Csanady, Denes Arvay
(Ferenc Szabo via Denes Arvay)
Done. Thanks!
I concluded the review will be done on github. If that is indeed the case could you please close the review on reviewboard?
GitHub user szaboferee opened a pull request:
https://github.com/apache/flume/pull/154
FLUME-3112 Upgrade jackson-core library dependency
Upgrading in dependency management and removing unused ones
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/szaboferee/flume FLUME-3112
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/flume/pull/154.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #154
commit 838206200d5b3d58f5680f6be7e3da68897a0ce3
Author: Ferenc Szabo <fszabo@cloudera.com>
Date: 2017-08-15T08:35:35Z
FLUME-3112 Upgrade jackson-core library dependency
Upgrading in dependency management and removing unused ones
Patch provided via rewiew board:
Excerpted transitive dependency tree from `mvn dependency:tree`
org.apache.flume.flume-ng-sinks:flume-dataset-sink:jar:1.8.0-SNAPSHOT
org.kitesdk:kite-data-core:jar:1.0.0:compile
com.fasterxml.jackson.core:jackson-databind:jar:2.3.1:compile
com.fasterxml.jackson.core:jackson-annotations:jar:2.3.0:compile
com.fasterxml.jackson.core:jackson-core:jar:2.3.1:compile
org.apache.flume.flume-ng-sinks:flume-ng-morphline-solr-sink:jar:1.8.0-SNAPSHOT
org.kitesdk:kite-morphlines-all:pom:1.0.0:compile
org.kitesdk:kite-morphlines-json:jar:1.0.0:compile
com.fasterxml.jackson.core:jackson-databind:jar:2.3.1:compile
com.fasterxml.jackson.core:jackson-annotations:jar:2.3.0:compile
com.fasterxml.jackson.core:jackson-core:jar:2.3.1:compile
Thank you Ferenc Szabo for the patch, Attila Simon and Miklos Csanady for the review.