This Jira has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems email firstname.lastname@example.org
Now Jackson 2.9.5 is used and it is vulnerable (CVE-2018-11307). Let's upgrade to the latest version.
Upgrade Jackson-databind version to 2.9.8
Fix up Hadoop POMs, roll up JARs to latest versions
Upgrade jackson-databind to version 2.9.5