[
https://issues.apache.org/jira/browse/OOZIE-3650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17475187#comment-17475187
]
Andras Salamon commented on OOZIE-3650:
---------------------------------------
Sorry [~pj.fanning] I missed that because precommit failed to comment here.
Here is the link to the precomit:
[https://ci-hadoop.apache.org/job/PreCommit-OOZIE-Build/55]
and here is the error message from it:
{noformat}
18:36:30 Applying patch
18:36:30
18:36:30 Checking patch a/pom.xml => b/pom.xml...
18:36:30 error: a/pom.xml: No such file or directory
18:36:30 Checking patch pom.xml...
18:36:30 error: while searching for:
18:36:30 <derby.version>10.14.2.0</derby.version>
18:36:30 <xerces.version>2.11.0</xerces.version>
18:36:30 <curator.version>2.5.0</curator.version>
18:36:30 <jackson.version>2.6.7.5</jackson.version>
18:36:30 <log4j.version>1.2.17</log4j.version>
18:36:30 <activemq.version>5.15.9</activemq.version>
18:36:30 <commons.lang3.version>3.3.2</commons.lang3.version>
18:36:30
18:36:30 error: patch failed: pom.xml:116
18:36:30 error: pom.xml: patch does not apply
18:36:30 Patch failed to apply to head of branch{noformat}
But what's wrong with the patch?
> upgrade jackson - ideally to v2.13.1
> ------------------------------------
>
> Key: OOZIE-3650
> URL: https://issues.apache.org/jira/browse/OOZIE-3650
> Project: Oozie
> Issue Type: Improvement
> Reporter: PJ Fanning
> Priority: Major
> Labels: patch-available
> Attachments: OOZIE-3650-001.patch
>
>
> Oozie currently has a dependency on an old version of Jackson (2.6.5) -
> [https://github.com/apache/oozie/blob/master/pom.xml#L119]
> There are a number of CVEs open affecting this version.
> https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.6.5
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
