[
https://issues.apache.org/jira/browse/HBASE-28943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nihal Jain updated HBASE-28943:
-------------------------------
Description:
Building hbase with hadoop-3 profile requires jackson 1.x jars, which has
vulnerabilities. Ideally these should not be needed as with HADOOP-13332 hadoop
has already "Remove jackson 1.9.13 and switch all jackson code to 2.x code
line" for branch-3.
Also in HBASE-27148, where we worked on "Move minimum hadoop 3 support version
to 3.2.3" we had did a similar cleanup for branch-3 but somehow we missed to
port the relevant changes to the branch-2 backport of same jira. This task is
to take care of this so that we donot need jackson 1.x to build/run hbase with
hadoop-3 profile on branch-2.x.
> Remove all jackson 1.x dependencies from hadoop-3 profile, since all jackson
> 1.x versions have vulnerabilities
> --------------------------------------------------------------------------------------------------------------
>
> Key: HBASE-28943
> URL: https://issues.apache.org/jira/browse/HBASE-28943
> Project: HBase
> Issue Type: Task
> Components: hadoop3, security
> Reporter: Nihal Jain
> Assignee: Nihal Jain
> Priority: Major
>
> Building hbase with hadoop-3 profile requires jackson 1.x jars, which has
> vulnerabilities. Ideally these should not be needed as with HADOOP-13332
> hadoop has already "Remove jackson 1.9.13 and switch all jackson code to 2.x
> code line" for branch-3.
> Also in HBASE-27148, where we worked on "Move minimum hadoop 3 support
> version to 3.2.3" we had did a similar cleanup for branch-3 but somehow we
> missed to port the relevant changes to the branch-2 backport of same jira.
> This task is to take care of this so that we donot need jackson 1.x to
> build/run hbase with hadoop-3 profile on branch-2.x.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
