[ https://issues.apache.org/jira/browse/HADOOP-19230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17868647#comment-17868647 ]
ASF GitHub Bot commented on HADOOP-19230: ----------------------------------------- pjfanning commented on PR #6761: URL: https://github.com/apache/hadoop/pull/6761#issuecomment-2250096203 This is the change to Jackson JAX-RS that is forcing Hadoop to stick with Jackson 2.12. https://github.com/FasterXML/jackson-jaxrs-providers/issues/134#issuecomment-1180637522 The new jar has that one class (NoContentException) that Jackson 2.13+ needs. > upgrade to jackson 2.14.3 > ------------------------- > > Key: HADOOP-19230 > URL: https://issues.apache.org/jira/browse/HADOOP-19230 > Project: Hadoop Common > Issue Type: Task > Components: common > Reporter: PJ Fanning > Priority: Major > Labels: pull-request-available > > Follow up to HADOOP-18332 > I have what I believe fixes the Jackson JAX-RS incompatibility. > https://github.com/pjfanning/jsr311-compat/ > The reason that I want to start by just going to Jackson 2.14 is that Jackson > has new StreamReadConstraints in Jackson 2.15 to protect against malicious > JSON inputs. The constraints are generous but can cause issues with very > large or deeply nested inputs. > Jackson has had a lot of security hardening fixes recently and it seems > problematic to be stuck on an unsupported version of Jackson (2.12). -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org