[ 
https://issues.apache.org/jira/browse/HADOOP-18033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17565079#comment-17565079
 ] 

Ayush Saxena commented on HADOOP-18033:
---------------------------------------

{quote}is it ok to downgrade jackson to 2.12.7? - has latest CVE fixes but not 
this change
{quote}
Sounds good to me. If we get rid of the javax.ws.rs-api dependency without 
compromising on the CVE, I think there isn't anything better which we can think 
of.
[~aajisaka] too pointed out that we can explore moving to 2.12.7. Initially this 
Jira too was raised to move Jackson to 2.12.x latest. I think if the build 
doesn't complain post removing javax.ws.rs-api and moving to 2.12.7, then we 
are sorted.

> Upgrade fasterxml Jackson to 2.13.0
> -----------------------------------
>
>                 Key: HADOOP-18033
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18033
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: build
>            Reporter: Akira Ajisaka
>            Assignee: Viraj Jasani
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.4.0, 3.3.2
>
>          Time Spent: 6h
>  Remaining Estimate: 0h
>
> Spark 3.2.0 depends on Jackson 2.12.3. Let's upgrade to 2.12.5 (2.12.x latest 
> as of now) or upper.


