Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.4.10, 1.3.5, 1.3.6
    • 1.5.0, 1.3.6, 1.4.11
    • None
    • None
    • Reviewed
      1. Stopped using Jackson1 (org.codehaus.jackson*) in HBase code base.
      2. Upgraded to Jackson2 (com.fasterxml.jackson*) instead.
      3. Stopped exposing vulnerable Jackson1 dependencies (org.codehaus.jackson:jackson-mapper-asl:1.9.13) so that downstreamers would not pull it in from HBase.
      4. However, since Hadoop requires this dependency, put vulnerable Jackson at compile scope in hbase-assembly module so that HBase tarball contains this mapper jar in lib. Still, downstream applications can't pull in Jackson1 from HBase.
      5. Upgraded maven assembly plugin to 3.1.1.

    Description

      Avoid Jackson versions and dependencies with known CVEs

      Attachments

        1. HBASE-22728-addendum.patch
          2 kB
          Andrew Kyle Purtell
        2. HBASE-22728-addendum.patch
          2 kB
          Andrew Kyle Purtell
        3. HBASE-22728.branch-1.19.patch
          139 kB
          Viraj Jasani
        4. HBASE-22728.branch-1.18.patch
          138 kB
          Viraj Jasani
        5. HBASE-22728.branch-1.16.patch
          137 kB
          Viraj Jasani
        6. HBASE-22728.branch-1.15.patch
          137 kB
          Viraj Jasani
        7. HBASE-22728.branch-1.14.patch
          79 kB
          Viraj Jasani
        8. HBASE-22728.branch-1.12.patch
          94 kB
          Viraj Jasani
        9. HBASE-22728.branch-1.11.patch
          92 kB
          Viraj Jasani
        10. HBASE-22728.branch-1.10.patch
          78 kB
          Viraj Jasani
        11. HBASE-22728.branch-1.06.patch
          55 kB
          Viraj Jasani
        12. HBASE-22728.branch-1.04.patch
          55 kB
          Viraj Jasani
        13. HBASE-22728.branch-1.02.patch
          16 kB
          Viraj Jasani
        14. HBASE-22728.branch-1.01.patch
          17 kB
          Viraj Jasani

            People

              vjasani Viraj Jasani
              apurtell Andrew Kyle Purtell
              Votes: 0
              Watchers: 8