[
https://issues.apache.org/jira/browse/HBASE-28943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17896474#comment-17896474
]
Hudson commented on HBASE-28943:
--------------------------------
Results for branch branch-2.5
[build #621 on
builds.a.o|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/621/]:
(x) *{color:red}-1 overall{color}*
----
details (if available):
(/) {color:green}+1 general checks{color}
-- For more information [see general
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/621/General_20Nightly_20Build_20Report/]
(/) {color:green}+1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2)
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/621/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/]
(x) {color:red}-1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3)
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/621/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 jdk11 hadoop3 checks{color}
-- For more information [see jdk11
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/621/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 jdk17 hadoop3 checks{color}
-- For more information [see jdk17
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/621/JDK17_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 jdk17 hadoop ${HADOOP_THREE_VERSION} backward compatibility
checks{color}
-- For more information [see jdk17
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/621/JDK17_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 jdk17 hadoop ${HADOOP_THREE_VERSION} backward compatibility
checks{color}
-- For more information [see jdk17
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/621/JDK17_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(x) {color:red}-1 jdk17 hadoop ${HADOOP_THREE_VERSION} backward compatibility
checks{color}
-- For more information [see jdk17
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/621/JDK17_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(x) {color:red}-1 source release artifact{color}
-- Something went wrong with this stage, [check relevant console
output|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/621//console].
(x) {color:red}-1 client integration test{color}
-- Something went wrong with this stage, [check relevant console
output|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/621//console].
> Remove all jackson 1.x dependencies for hadoop-3 profile, since all jackson
> 1.x versions have vulnerabilities
> -------------------------------------------------------------------------------------------------------------
>
> Key: HBASE-28943
> URL: https://issues.apache.org/jira/browse/HBASE-28943
> Project: HBase
> Issue Type: Task
> Components: hadoop3, security
> Affects Versions: 2.6.1, 2.5.10
> Reporter: Nihal Jain
> Assignee: Nihal Jain
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.7.0, 2.5.11, 2.6.2
>
>
> Building hbase with hadoop-3 profile on branch-2, still requires jackson 1.x
> jars, which has vulnerabilities. Ideally these should not be needed as with
> HADOOP-13332 hadoop has already "Remove jackson 1.9.13 and switch all jackson
> code to 2.x code line" for branch-3.
> Also in HBASE-27148, where we worked on "Move minimum hadoop 3 support
> version to 3.2.3" we had did a similar cleanup for branch-3 but somehow we
> missed to port the relevant changes to the branch-2 backport of same jira.
> This task is to take care of this so that we donot need jackson 1.x to
> build/run hbase with hadoop-3 profile on branch-2.x.
>
> We have following in our dependency tree:
> {code:java}
> [INFO] ----------< org.apache.hbase:hbase-shaded-client-byo-hadoop
> >-----------
> [INFO] Building Apache HBase - Shaded - Client 2.7.0-SNAPSHOT
> [33/53]
> [INFO] from hbase-shaded/hbase-shaded-client-byo-hadoop/pom.xml
> [INFO] --------------------------------[ jar
> ]---------------------------------
> [INFO]
> [INFO] +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.13:provided
> [INFO] +- org.codehaus.jackson:jackson-xc:jar:1.9.13:provided
> .
> .
> [INFO] --------------< org.apache.hbase:hbase-shaded-mapreduce
> >---------------
> [INFO] Building Apache HBase - Shaded - MapReduce 2.7.0-SNAPSHOT
> [34/53]
> [INFO] from hbase-shaded/hbase-shaded-mapreduce/pom.xml
> [INFO] --------------------------------[ jar
> ]---------------------------------
> [INFO]
> [INFO] +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.13:provided
> [INFO] +- org.codehaus.jackson:jackson-xc:jar:1.9.13:provided
> .
> .
> [INFO] -------------< org.apache.hbase:hbase-shaded-testing-util
> >-------------
> [INFO] Building Apache HBase - Shaded - Testing Util 2.7.0-SNAPSHOT
> [46/53]
> [INFO] from hbase-shaded/hbase-shaded-testing-util/pom.xml
> [INFO] --------------------------------[ jar
> ]---------------------------------
> [INFO]
> [INFO] +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.13:compile
> [INFO] | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile
> [INFO] | \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:compile
> [INFO] | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.13:test
> .
> .
> [INFO] ---------< org.apache.hbase:hbase-shaded-testing-util-tester
> >----------
> [INFO] Building Apache HBase - Shaded - Testing Util Tester 2.7.0-SNAPSHOT
> [47/53]
> [INFO] from hbase-shaded/hbase-shaded-testing-util-tester/pom.xml
> [INFO] --------------------------------[ jar
> ]---------------------------------
> [INFO]
> [INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test
> [INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
