[
https://issues.apache.org/jira/browse/HBASE-28943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nihal Jain updated HBASE-28943:
-------------------------------
Affects Version/s: 2.5.10
2.6.1
> Remove all jackson 1.x dependencies for hadoop-3 profile, since all jackson
> 1.x versions have vulnerabilities
> -------------------------------------------------------------------------------------------------------------
>
> Key: HBASE-28943
> URL: https://issues.apache.org/jira/browse/HBASE-28943
> Project: HBase
> Issue Type: Task
> Components: hadoop3, security
> Affects Versions: 2.6.1, 2.5.10
> Reporter: Nihal Jain
> Assignee: Nihal Jain
> Priority: Major
>
> Building hbase with hadoop-3 profile requires jackson 1.x jars, which has
> vulnerabilities. Ideally these should not be needed as with HADOOP-13332
> hadoop has already "Remove jackson 1.9.13 and switch all jackson code to 2.x
> code line" for branch-3.
> Also in HBASE-27148, where we worked on "Move minimum hadoop 3 support
> version to 3.2.3" we had did a similar cleanup for branch-3 but somehow we
> missed to port the relevant changes to the branch-2 backport of same jira.
> This task is to take care of this so that we donot need jackson 1.x to
> build/run hbase with hadoop-3 profile on branch-2.x.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
