[
https://issues.apache.org/jira/browse/HADOOP-18332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran resolved HADOOP-18332.
-------------------------------------
Fix Version/s: 3.3.4
Release Note: Downgrades Jackson from 2.13.2 to 2.12.7 to fix class
conflicts in downstream projects. This version of jackson does contain the fix
for CVE-2020-36518. (was: Downgrades Jackson from 2.13.2 to 2.12.7 to fix
Class conflicts in downstream projects)
Resolution: Fixed
> remove rs-api dependency by downgrading jackson to 2.12.7
> ---------------------------------------------------------
>
> Key: HADOOP-18332
> URL: https://issues.apache.org/jira/browse/HADOOP-18332
> Project: Hadoop Common
> Issue Type: Improvement
> Components: build
> Reporter: PJ Fanning
> Assignee: PJ Fanning
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.3.4
>
> Time Spent: 3.5h
> Remaining Estimate: 0h
>
> This jsr311-api jar seems to conflict with newly added rs-api jar dependency
> - they have many of the same classes (but conflicting copies) - jersey-core
> 1.19 needs jsr311-api to work properly (and fails if rs-api used instead)
> * https://mvnrepository.com/artifact/javax.ws.rs/jsr311-api
> * https://mvnrepository.com/artifact/javax.ws.rs/javax.ws.rs-api
> Seems we will need to downgrade jackson to 2.12.7 because of jax-rs
> compatibility issues in jackson 2.13 (see
> https://github.com/FasterXML/jackson-jaxrs-providers/issues/134)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org
