Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.8.0
    • Fix Version/s: 2.9.0, 3.0.0-alpha2
    • Component/s: build
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Incompatible change
    • Release Note:
      Hide
      We are sorry for causing pain for everyone for whom this Jackson update causes problems, but it was proving impossible to stay on the older version: too much code had moved past it, and by staying back we were limiting what Hadoop could do, and giving everyone who wanted an up to date version of Jackson a different set of problems. We've selected Jackson 2.7.8 as it fixed fix a security issue in XML parsing, yet proved compatible at the API level with the Hadoop codebase --and hopefully everything downstream.
      Show
      We are sorry for causing pain for everyone for whom this Jackson update causes problems, but it was proving impossible to stay on the older version: too much code had moved past it, and by staying back we were limiting what Hadoop could do, and giving everyone who wanted an up to date version of Jackson a different set of problems. We've selected Jackson 2.7.8 as it fixed fix a security issue in XML parsing, yet proved compatible at the API level with the Hadoop codebase --and hopefully everything downstream.

      Description

      There's no rush to do this; this is just the JIRA to track versions. However, without the upgrade, things written for Jackson 2.4.4 can break ( SPARK-12807)

      being Jackson, this is a potentially dangerous update.

      1. HADOOP-13050-001.patch
        2 kB
        Steve Loughran
      2. HADOOP-12705.01.patch
        0.4 kB
        Akira Ajisaka
      3. HADOOP-12705.003.patch
        0.4 kB
        Sean Mackrory
      4. HADOOP-12705.002.patch
        3 kB
        Sean Mackrory

        Issue Links

          Activity

          Hide
          andrew.wang Andrew Wang added a comment -

          Please remember to set the appropriate 3.x fix version when committing to trunk, thanks!

          Show
          andrew.wang Andrew Wang added a comment - Please remember to set the appropriate 3.x fix version when committing to trunk, thanks!
          Hide
          hudson Hudson added a comment -

          SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #10868 (See https://builds.apache.org/job/Hadoop-trunk-Commit/10868/)
          HADOOP-12705 Upgrade Jackson 2.2.3 to 2.7.8 (stevel: rev 3eb7b686879d26fa2505b23e5e80b2f2a0ac436f)

          • (edit) hadoop-project/pom.xml
          Show
          hudson Hudson added a comment - SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #10868 (See https://builds.apache.org/job/Hadoop-trunk-Commit/10868/ ) HADOOP-12705 Upgrade Jackson 2.2.3 to 2.7.8 (stevel: rev 3eb7b686879d26fa2505b23e5e80b2f2a0ac436f) (edit) hadoop-project/pom.xml
          Hide
          stevel@apache.org Steve Loughran added a comment -

          patch applied to 2.9+

          Show
          stevel@apache.org Steve Loughran added a comment - patch applied to 2.9+
          Hide
          stevel@apache.org Steve Loughran added a comment -

          +1.

          I've applied this to branch-2 and trunk. I don't want to go near 2.7 & 2.8 : maybe add a warning in the notes of the security risk & recommend an upgrade?

          Show
          stevel@apache.org Steve Loughran added a comment - +1. I've applied this to branch-2 and trunk. I don't want to go near 2.7 & 2.8 : maybe add a warning in the notes of the security risk & recommend an upgrade?
          Hide
          stevel@apache.org Steve Loughran added a comment -

          that's great. I tihnk we are going to have to move up to Jackson 2.7+ in branch 2, with hadoop trunk -> 2.8+ and the PAI changes.

          Show
          stevel@apache.org Steve Loughran added a comment - that's great. I tihnk we are going to have to move up to Jackson 2.7+ in branch 2, with hadoop trunk -> 2.8+ and the PAI changes.
          Hide
          andrew.wang Andrew Wang added a comment -

          We're working on a shaded hadoop client at HADOOP-11804, after which classpath updates will have far more limited effect on clients.

          Show
          andrew.wang Andrew Wang added a comment - We're working on a shaded hadoop client at HADOOP-11804 , after which classpath updates will have far more limited effect on clients.
          Hide
          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 18s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
          +1 mvninstall 7m 45s trunk passed
          +1 compile 0m 10s trunk passed
          +1 mvnsite 0m 13s trunk passed
          +1 mvneclipse 0m 10s trunk passed
          +1 javadoc 0m 9s trunk passed
          +1 mvninstall 0m 7s the patch passed
          +1 compile 0m 6s the patch passed
          +1 javac 0m 6s the patch passed
          +1 mvnsite 0m 8s the patch passed
          +1 mvneclipse 0m 7s the patch passed
          +1 whitespace 0m 0s The patch has no whitespace issues.
          +1 xml 0m 1s The patch has no ill-formed XML file.
          +1 javadoc 0m 6s the patch passed
          +1 unit 0m 6s hadoop-project in the patch passed.
          +1 asflicense 0m 18s The patch does not generate ASF License warnings.
          10m 20s



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:e809691
          JIRA Issue HADOOP-12705
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12837809/HADOOP-12705.003.patch
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit xml
          uname Linux 87402fa57161 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / acd509d
          Default Java 1.8.0_101
          Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/11009/testReport/
          modules C: hadoop-project U: hadoop-project
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/11009/console
          Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 18s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 mvninstall 7m 45s trunk passed +1 compile 0m 10s trunk passed +1 mvnsite 0m 13s trunk passed +1 mvneclipse 0m 10s trunk passed +1 javadoc 0m 9s trunk passed +1 mvninstall 0m 7s the patch passed +1 compile 0m 6s the patch passed +1 javac 0m 6s the patch passed +1 mvnsite 0m 8s the patch passed +1 mvneclipse 0m 7s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 xml 0m 1s The patch has no ill-formed XML file. +1 javadoc 0m 6s the patch passed +1 unit 0m 6s hadoop-project in the patch passed. +1 asflicense 0m 18s The patch does not generate ASF License warnings. 10m 20s Subsystem Report/Notes Docker Image:yetus/hadoop:e809691 JIRA Issue HADOOP-12705 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12837809/HADOOP-12705.003.patch Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit xml uname Linux 87402fa57161 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / acd509d Default Java 1.8.0_101 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/11009/testReport/ modules C: hadoop-project U: hadoop-project Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/11009/console Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          mackrorysd Sean Mackrory added a comment - - edited

          Just attached one - didn't see any required changes other than the POM.

          One lingering concern I have is that while I understand the need for more coordination in branch-2, the minor changes required if we did move to Jackson 2.8.x in Hadoop 3.0 seem smaller to me than the danger in being locked into Jackson 2.7.x for the life of Hadoop 3.x, where incompatible changes soon become even worse. Granted, there's also no guarantee that Jackson 2.9.x won't also contain incompatible changes, so I could just be fighting a losing battle, but wanted to raise the concern.

          Show
          mackrorysd Sean Mackrory added a comment - - edited Just attached one - didn't see any required changes other than the POM. One lingering concern I have is that while I understand the need for more coordination in branch-2, the minor changes required if we did move to Jackson 2.8.x in Hadoop 3.0 seem smaller to me than the danger in being locked into Jackson 2.7.x for the life of Hadoop 3.x, where incompatible changes soon become even worse. Granted, there's also no guarantee that Jackson 2.9.x won't also contain incompatible changes, so I could just be fighting a losing battle, but wanted to raise the concern.
          Hide
          stevel@apache.org Steve Loughran added a comment -

          Is there a standalone patch which increments jackson to 2.7.8?

          Show
          stevel@apache.org Steve Loughran added a comment - Is there a standalone patch which increments jackson to 2.7.8?
          Hide
          stevel@apache.org Steve Loughran added a comment -

          +1 for trunk, not rushing to put it in branch-2 yet because team HBase will be unhappy....we need to make sure that everyone is ready.

          We do not declare jackson-databind as a dependency of hadoop-common; it is declared a dependency of hadoop-aws in the 2.7.x branch: (HADOOP-13692), and ends up in tools/lib in a hadoop distro. So we are explicitly and implicitly exporting it; not something we can ignore. We

          Show
          stevel@apache.org Steve Loughran added a comment - +1 for trunk, not rushing to put it in branch-2 yet because team HBase will be unhappy....we need to make sure that everyone is ready. We do not declare jackson-databind as a dependency of hadoop-common; it is declared a dependency of hadoop-aws in the 2.7.x branch: ( HADOOP-13692 ), and ends up in tools/lib in a hadoop distro. So we are explicitly and implicitly exporting it; not something we can ignore. We
          Hide
          ajisakaa Akira Ajisaka added a comment -

          +1 for 2.7.8 in trunk and branch-2. Thanks PJ Fanning, Sean Mackrory, and Steve Loughran.

          Show
          ajisakaa Akira Ajisaka added a comment - +1 for 2.7.8 in trunk and branch-2. Thanks PJ Fanning , Sean Mackrory , and Steve Loughran .
          Hide
          stevel@apache.org Steve Loughran added a comment -

          sounds good; I'm wondering if we should raise it as a branch-2 change too, given the security implications, and now compatibility @ compile/link

          thanks for doing this.

          Show
          stevel@apache.org Steve Loughran added a comment - sounds good; I'm wondering if we should raise it as a branch-2 change too, given the security implications, and now compatibility @ compile/link thanks for doing this.
          Hide
          mackrorysd Sean Mackrory added a comment -

          2.7.8 seems a happy balance. Very recent release, is apparently not vulnerable to that XEE bug, and changes to hadoop-rumen are not required to build or pass tests successfully.

          Show
          mackrorysd Sean Mackrory added a comment - 2.7.8 seems a happy balance. Very recent release, is apparently not vulnerable to that XEE bug, and changes to hadoop-rumen are not required to build or pass tests successfully.
          Hide
          pj.fanning PJ Fanning added a comment -

          I think only 2.7.6 and 2.8.x have the XEE fix.

          Show
          pj.fanning PJ Fanning added a comment - I think only 2.7.6 and 2.8.x have the XEE fix.
          Hide
          stevel@apache.org Steve Loughran added a comment -

          This upgrade broke rumen? So it's probably going to break other code down below. Is there a version of Jackson which (a) fixes the XEE bug and (b) remains compatible at compile/run time with existing work. We know 2.6.6 does (b)

          Show
          stevel@apache.org Steve Loughran added a comment - This upgrade broke rumen? So it's probably going to break other code down below. Is there a version of Jackson which (a) fixes the XEE bug and (b) remains compatible at compile/run time with existing work. We know 2.6.6 does (b)
          Hide
          stevel@apache.org Steve Loughran added a comment -

          I do think it's time to upgrade ... but at the same time, if we push ahead of what everything else is using, there are going to be problems. Has anyone raised the upgrade with projects downstream (HBase etc?). What versions are they using?

          Show
          stevel@apache.org Steve Loughran added a comment - I do think it's time to upgrade ... but at the same time, if we push ahead of what everything else is using, there are going to be problems. Has anyone raised the upgrade with projects downstream (HBase etc?). What versions are they using?
          Hide
          mackrorysd Sean Mackrory added a comment -

          I'd like to help with this if I can. FWIW, I ran through an upgrade to 2.8.4 (latest). Required some very minor code changes (patch attached), but all the tests are looking good (including hadoop-aws) and manual testing didn't show any issues.

          Show
          mackrorysd Sean Mackrory added a comment - I'd like to help with this if I can. FWIW, I ran through an upgrade to 2.8.4 (latest). Required some very minor code changes (patch attached), but all the tests are looking good (including hadoop-aws) and manual testing didn't show any issues.
          Hide
          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 0s Docker mode activated.
          -1 patch 0m 6s HADOOP-12705 does not apply to trunk. Rebase required? Wrong Branch? See https://wiki.apache.org/hadoop/HowToContribute for help.



          Subsystem Report/Notes
          JIRA Issue HADOOP-12705
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12804958/HADOOP-13050-001.patch
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/10607/console
          Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 0s Docker mode activated. -1 patch 0m 6s HADOOP-12705 does not apply to trunk. Rebase required? Wrong Branch? See https://wiki.apache.org/hadoop/HowToContribute for help. Subsystem Report/Notes JIRA Issue HADOOP-12705 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12804958/HADOOP-13050-001.patch Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/10607/console Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          ajisakaa Akira Ajisaka added a comment -

          Thank you for the information! However, I'm thinking we need to upgrade jackson to 2.5.5/2.6.6 because aws-sdk 1.10/1.11 depends on the version. If we upgrade jackson to 2.7.6 or 2.8, we need to run aws-sdk with the version of jackson. It may work, but I'm not sure.

          Show
          ajisakaa Akira Ajisaka added a comment - Thank you for the information! However, I'm thinking we need to upgrade jackson to 2.5.5/2.6.6 because aws-sdk 1.10/1.11 depends on the version. If we upgrade jackson to 2.7.6 or 2.8, we need to run aws-sdk with the version of jackson. It may work, but I'm not sure.
          Hide
          pj.fanning PJ Fanning added a comment - - edited
          Show
          pj.fanning PJ Fanning added a comment - - edited https://github.com/FasterXML/jackson-databind/issues/1279 covers the latest XEE bug
          Hide
          ajisakaa Akira Ajisaka added a comment -

          Can we upgrade to jackson v2.7.6 or v2.8.0 - these versions coming soon, fix an XML Entity Expansion vulnerability?

          Is there any detailed information that there is a vulnerability and it will be fixed in 2.7.6/2.8.0? I can only found CVE-2016-3720 and it is fixed in 2.7.4.

          Would it be possible to remove the dependency on jackson 1.9.13 too

          I'm thinking this can be done in a separate jira.

          Show
          ajisakaa Akira Ajisaka added a comment - Can we upgrade to jackson v2.7.6 or v2.8.0 - these versions coming soon, fix an XML Entity Expansion vulnerability? Is there any detailed information that there is a vulnerability and it will be fixed in 2.7.6/2.8.0? I can only found CVE-2016-3720 and it is fixed in 2.7.4. Would it be possible to remove the dependency on jackson 1.9.13 too I'm thinking this can be done in a separate jira.
          Hide
          pj.fanning PJ Fanning added a comment -

          Can we upgrade to jackson v2.7.6 or v2.8.0 - these versions coming soon, fix an XML Entity Expansion vulnerability?
          Would it be possible to remove the dependency on jackson 1.9.13 too - this code base is no longer maintained and has the same XML Entity Expansion vulnerability?

          Show
          pj.fanning PJ Fanning added a comment - Can we upgrade to jackson v2.7.6 or v2.8.0 - these versions coming soon, fix an XML Entity Expansion vulnerability? Would it be possible to remove the dependency on jackson 1.9.13 too - this code base is no longer maintained and has the same XML Entity Expansion vulnerability?
          Hide
          stevel@apache.org Steve Loughran added a comment -

          javac warnings are related to deprecation in the s3a side of things; ignore here

          Show
          stevel@apache.org Steve Loughran added a comment - javac warnings are related to deprecation in the s3a side of things; ignore here
          Hide
          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 12s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
          0 mvndep 0m 42s Maven dependency ordering for branch
          +1 mvninstall 7m 36s trunk passed
          +1 compile 7m 41s trunk passed
          +1 mvnsite 0m 29s trunk passed
          +1 mvneclipse 1m 1s trunk passed
          +1 javadoc 0m 22s trunk passed
          0 mvndep 0m 22s Maven dependency ordering for patch
          +1 mvninstall 0m 21s the patch passed
          +1 compile 6m 52s the patch passed
          -1 javac 6m 52s root generated 2 new + 697 unchanged - 0 fixed = 699 total (was 697)
          +1 mvnsite 0m 27s the patch passed
          +1 mvneclipse 0m 24s the patch passed
          +1 whitespace 0m 0s The patch has no whitespace issues.
          +1 xml 0m 3s The patch has no ill-formed XML file.
          +1 javadoc 0m 21s the patch passed
          +1 unit 0m 8s hadoop-project in the patch passed.
          +1 unit 0m 14s hadoop-aws in the patch passed.
          +1 asflicense 0m 19s The patch does not generate ASF License warnings.
          28m 7s



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:2c91fd8
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12804958/HADOOP-13050-001.patch
          JIRA Issue HADOOP-12705
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit xml
          uname Linux a7c7d066825a 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / 141873c
          Default Java 1.8.0_91
          javac https://builds.apache.org/job/PreCommit-HADOOP-Build/9510/artifact/patchprocess/diff-compile-javac-root.txt
          Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/9510/testReport/
          modules C: hadoop-project hadoop-tools/hadoop-aws U: .
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9510/console
          Powered by Apache Yetus 0.3.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 12s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. 0 mvndep 0m 42s Maven dependency ordering for branch +1 mvninstall 7m 36s trunk passed +1 compile 7m 41s trunk passed +1 mvnsite 0m 29s trunk passed +1 mvneclipse 1m 1s trunk passed +1 javadoc 0m 22s trunk passed 0 mvndep 0m 22s Maven dependency ordering for patch +1 mvninstall 0m 21s the patch passed +1 compile 6m 52s the patch passed -1 javac 6m 52s root generated 2 new + 697 unchanged - 0 fixed = 699 total (was 697) +1 mvnsite 0m 27s the patch passed +1 mvneclipse 0m 24s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 xml 0m 3s The patch has no ill-formed XML file. +1 javadoc 0m 21s the patch passed +1 unit 0m 8s hadoop-project in the patch passed. +1 unit 0m 14s hadoop-aws in the patch passed. +1 asflicense 0m 19s The patch does not generate ASF License warnings. 28m 7s Subsystem Report/Notes Docker Image:yetus/hadoop:2c91fd8 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12804958/HADOOP-13050-001.patch JIRA Issue HADOOP-12705 Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit xml uname Linux a7c7d066825a 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / 141873c Default Java 1.8.0_91 javac https://builds.apache.org/job/PreCommit-HADOOP-Build/9510/artifact/patchprocess/diff-compile-javac-root.txt Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/9510/testReport/ modules C: hadoop-project hadoop-tools/hadoop-aws U: . Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9510/console Powered by Apache Yetus 0.3.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          ajisakaa Akira Ajisaka added a comment -

          Anyway, I'm thinking we should upgrade Jackson to 2.5.5 or 2.6.6. I'll remove my patch.

          Show
          ajisakaa Akira Ajisaka added a comment - Anyway, I'm thinking we should upgrade Jackson to 2.5.5 or 2.6.6. I'll remove my patch.
          Hide
          ajisakaa Akira Ajisaka added a comment -

          Agreed. Which AWS lib version do you want to choose, 1.10.77 or 1.11.2?

          Show
          ajisakaa Akira Ajisaka added a comment - Agreed. Which AWS lib version do you want to choose, 1.10.77 or 1.11.2?
          Hide
          stevel@apache.org Steve Loughran added a comment -

          If we went with AWS lib 1.11.2, it'd be built against 2.6.6. I'd like them to at least be in sync

          Show
          stevel@apache.org Steve Loughran added a comment - If we went with AWS lib 1.11.2, it'd be built against 2.6.6. I'd like them to at least be in sync
          Hide
          stevel@apache.org Steve Loughran added a comment -

          funny. race condition in coding. I went with approximately the same version that the aws JAR uses and its databinding JAR. I'll see what your one gets up to and remove the attachment I'd put in.

          Show
          stevel@apache.org Steve Loughran added a comment - funny. race condition in coding. I went with approximately the same version that the aws JAR uses and its databinding JAR. I'll see what your one gets up to and remove the attachment I'd put in.
          Hide
          stevel@apache.org Steve Loughran added a comment -

          This the HADOOP-13050 patch, which increments Jackson to 2.5.5; as jenkins doesn't actually test the AWS codebase, the aws JAR update doesn't get tested.

          For the jackson update, we need to test across all modules

          Show
          stevel@apache.org Steve Loughran added a comment - This the HADOOP-13050 patch, which increments Jackson to 2.5.5; as jenkins doesn't actually test the AWS codebase, the aws JAR update doesn't get tested. For the jackson update, we need to test across all modules
          Hide
          ajisakaa Akira Ajisaka added a comment -

          Attaching a patch to upgrade to the latest version (2.7.4). Let's see what happens.

          Show
          ajisakaa Akira Ajisaka added a comment - Attaching a patch to upgrade to the latest version (2.7.4). Let's see what happens.
          Hide
          stevel@apache.org Steve Loughran added a comment -

          We need to go to a later version of jackson so S3A works on Java 8u60+; HADOOP-13050 ... because it needs an artifact com.fasterxml.jackson.dataformat:jackson-dataformat-cbor in sync with jackson2, and it's 2.3.3 or later only.

          Show
          stevel@apache.org Steve Loughran added a comment - We need to go to a later version of jackson so S3A works on Java 8u60+; HADOOP-13050 ... because it needs an artifact com.fasterxml.jackson.dataformat:jackson-dataformat-cbor in sync with jackson2, and it's 2.3.3 or later only.
          Hide
          stevel@apache.org Steve Loughran added a comment -

          oh yes

          Show
          stevel@apache.org Steve Loughran added a comment - oh yes
          Hide
          djp Junping Du added a comment -

          Steve, may be we should consider to mark this JIRA as incompatible?

          Show
          djp Junping Du added a comment - Steve, may be we should consider to mark this JIRA as incompatible?
          Hide
          stevel@apache.org Steve Loughran added a comment -

          note that the opposite will probably apply: with the update, things written for Jackson 2.2.3 will inevitably break.

          someone should do some full bigtop test runs with jackson bumped up just to see what happens

          Show
          stevel@apache.org Steve Loughran added a comment - note that the opposite will probably apply: with the update, things written for Jackson 2.2.3 will inevitably break. someone should do some full bigtop test runs with jackson bumped up just to see what happens

            People

            • Assignee:
              mackrorysd Sean Mackrory
              Reporter:
              stevel@apache.org Steve Loughran
            • Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development