[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16343408#comment-16343408 ] Hadoop QA commented on OOZIE-3172: -- PreCommit-OOZIE-Build started > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16343543#comment-16343543 ] Hadoop QA commented on OOZIE-3172: -- Testing JIRA OOZIE-3172 Cleaning local git workspace {color:green}+1 PATCH_APPLIES{color} {color:green}+1 CLEAN{color} {color:green}+1 RAW_PATCH_ANALYSIS{color} .{color:green}+1{color} the patch does not introduce any @author tags .{color:green}+1{color} the patch does not introduce any tabs .{color:green}+1{color} the patch does not introduce any trailing spaces .{color:green}+1{color} the patch does not introduce any line longer than 132 .{color:green}+1{color} the patch adds/modifies 2 testcase(s) {color:green}+1 RAT{color} .{color:green}+1{color} the patch does not seem to introduce new RAT warnings {color:green}+1 JAVADOC{color} .{color:green}+1{color} the patch does not seem to introduce new Javadoc warnings .{color:red}WARNING{color}: the current HEAD has 100 Javadoc warning(s) {color:green}+1 COMPILE{color} .{color:green}+1{color} HEAD compiles .{color:green}+1{color} patch compiles .{color:green}+1{color} the patch does not seem to introduce new javac warnings {color:green}+1{color} There are no new bugs found in total. . {color:green}+1{color} There are no new bugs found in [docs]. . {color:green}+1{color} There are no new bugs found in [sharelib/distcp]. . {color:green}+1{color} There are no new bugs found in [sharelib/hive]. . {color:green}+1{color} There are no new bugs found in [sharelib/spark]. . {color:green}+1{color} There are no new bugs found in [sharelib/hive2]. . {color:green}+1{color} There are no new bugs found in [sharelib/hcatalog]. . {color:green}+1{color} There are no new bugs found in [sharelib/streaming]. . {color:green}+1{color} There are no new bugs found in [sharelib/pig]. . {color:green}+1{color} There are no new bugs found in [sharelib/sqoop]. . {color:green}+1{color} There are no new bugs found in [sharelib/oozie]. . {color:green}+1{color} There are no new bugs found in [examples]. . {color:green}+1{color} There are no new bugs found in [client]. . {color:green}+1{color} There are no new bugs found in [core]. . {color:green}+1{color} There are no new bugs found in [tools]. . {color:green}+1{color} There are no new bugs found in [server]. {color:green}+1 BACKWARDS_COMPATIBILITY{color} .{color:green}+1{color} the patch does not change any JPA Entity/Colum/Basic/Lob/Transient annotations .{color:green}+1{color} the patch does not modify JPA files {color:red}-1 TESTS{color} .Tests run: 2088 .Tests failed: 6 .Tests errors: 2 .The patch failed the following testcases: testSparkAction(org.apache.oozie.action.hadoop.TestSparkActionExecutor) testSparkAction(org.apache.oozie.action.hadoop.TestSparkActionExecutor) testPyspark(org.apache.oozie.action.hadoop.TestPyspark) testPartitionDependency(org.apache.oozie.service.TestPartitionDependencyManagerService) testCoordActionRecoveryServiceForWaitingRegisterPartition(org.apache.oozie.service.TestRecoveryService) testConnectionDrop(org.apache.oozie.jms.TestJMSJobEventListener) testPartitionDependency(org.apache.oozie.service.TestPartitionDependencyManagerEhcache) .Tests failing with errors: testMain(org.apache.oozie.action.hadoop.TestSparkMain) testConnectionRetry(org.apache.oozie.service.TestJMSAccessorService) .{color:orange}Tests failed at first run:{color} TestJavaActionExecutor#testCredentialsSkip .For the complete list of flaky tests, see TEST-SUMMARY-FULL files. {color:green}+1 DISTRO{color} .{color:green}+1{color} distro tarball builds with the patch {color:red}*-1 Overall result, please check the reported -1(s)*{color} {color:red}. There is at least one warning, please check{color} The full output of the test-patch run is available at . https://builds.apache.org/job/PreCommit-OOZIE-Build/354/ > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16345363#comment-16345363 ] Andras Piros commented on OOZIE-3172: - Going for Jackson version {{2.4.2}} as this is the one Spark 1.6.1 uses - previous attempt w/ {{2.9.2}} gave various class loading problems. > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16345385#comment-16345385 ] Hadoop QA commented on OOZIE-3172: -- PreCommit-OOZIE-Build started > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16345600#comment-16345600 ] Hadoop QA commented on OOZIE-3172: -- Testing JIRA OOZIE-3172 Cleaning local git workspace {color:green}+1 PATCH_APPLIES{color} {color:green}+1 CLEAN{color} {color:green}+1 RAW_PATCH_ANALYSIS{color} .{color:green}+1{color} the patch does not introduce any @author tags .{color:green}+1{color} the patch does not introduce any tabs .{color:green}+1{color} the patch does not introduce any trailing spaces .{color:green}+1{color} the patch does not introduce any line longer than 132 .{color:green}+1{color} the patch adds/modifies 2 testcase(s) {color:green}+1 RAT{color} .{color:green}+1{color} the patch does not seem to introduce new RAT warnings {color:green}+1 JAVADOC{color} .{color:green}+1{color} the patch does not seem to introduce new Javadoc warnings .{color:red}WARNING{color}: the current HEAD has 100 Javadoc warning(s) {color:green}+1 COMPILE{color} .{color:green}+1{color} HEAD compiles .{color:green}+1{color} patch compiles .{color:green}+1{color} the patch does not seem to introduce new javac warnings {color:green}+1{color} There are no new bugs found in total. . {color:green}+1{color} There are no new bugs found in [docs]. . {color:green}+1{color} There are no new bugs found in [examples]. . {color:green}+1{color} There are no new bugs found in [tools]. . {color:green}+1{color} There are no new bugs found in [core]. . {color:green}+1{color} There are no new bugs found in [server]. . {color:green}+1{color} There are no new bugs found in [client]. . {color:green}+1{color} There are no new bugs found in [sharelib/distcp]. . {color:green}+1{color} There are no new bugs found in [sharelib/oozie]. . {color:green}+1{color} There are no new bugs found in [sharelib/hcatalog]. . {color:green}+1{color} There are no new bugs found in [sharelib/streaming]. . {color:green}+1{color} There are no new bugs found in [sharelib/hive]. . {color:green}+1{color} There are no new bugs found in [sharelib/sqoop]. . {color:green}+1{color} There are no new bugs found in [sharelib/spark]. . {color:green}+1{color} There are no new bugs found in [sharelib/hive2]. . {color:green}+1{color} There are no new bugs found in [sharelib/pig]. {color:green}+1 BACKWARDS_COMPATIBILITY{color} .{color:green}+1{color} the patch does not change any JPA Entity/Colum/Basic/Lob/Transient annotations .{color:green}+1{color} the patch does not modify JPA files {color:green}+1 TESTS{color} .Tests run: 2088 .{color:orange}Tests failed at first run:{color} TestJavaActionExecutor#testCredentialsSkip TestCoordActionInputCheckXCommandNonUTC>TestCoordActionInputCheckXCommand#testNone .For the complete list of flaky tests, see TEST-SUMMARY-FULL files. {color:green}+1 DISTRO{color} .{color:green}+1{color} distro tarball builds with the patch {color:green}*+1 Overall result, good!, no -1s*{color} {color:red}. There is at least one warning, please check{color} The full output of the test-patch run is available at . https://builds.apache.org/job/PreCommit-OOZIE-Build/363/ > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16345603#comment-16345603 ] Andras Piros commented on OOZIE-3172: - [~asasvari] [~gezapeti] can you have a look? Thanks! > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16345786#comment-16345786 ] Peter Cseh commented on OOZIE-3172: --- I'm concerned about the Spark version conflict. We have a spark-2 profile that uses [Spar 2.1.0|https://github.com/apache/oozie/blob/master/pom.xml#L1982] and people are using Oozie with Spark 2.x more and more. Maybe we should consider bumping the default Spark version to something higher and incorporate this change only afterwards. > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16346216#comment-16346216 ] Attila Sasvari commented on OOZIE-3172: --- {{mvn dependency:tree}} shows that multiple sharelibs are depending on {{jackson-core-asl}} (for example Hive, Hive 2, Pig, Spark, Sqoop, Streaming). I am a bit concerned that doing this change may cause runtime failures because of conflicting versions. Have you submitted example workflows? > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16346364#comment-16346364 ] Peter Cseh commented on OOZIE-3172: --- if I see correctly we're only using jackson in the server side and in the Oozie client. In the sharelib we're only using it in tests. We could get away by changing the scope or changing that tests to not do that so we don't use jackson in our sharelibs at all. > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16346507#comment-16346507 ] Attila Sasvari commented on OOZIE-3172: --- There are transitive dependencies. Spark ShareLib for example: {code:java} [INFO] Building Apache Oozie Share Lib Spark 5.0.0-beta1 [INFO] [INFO] [INFO] --- maven-dependency-plugin:2.4:tree (default-cli) @ oozie-sharelib-spark --- [INFO] org.apache.oozie:oozie-sharelib-spark:jar:5.0.0-beta1 [INFO] +- com.google.guava:guava:jar:14.0.1:compile [INFO] +- org.apache.hadoop:hadoop-mapreduce-client-core:jar:2.6.0:compile [INFO] | +- org.apache.hadoop:hadoop-yarn-common:jar:2.6.0:compile [INFO] | | +- org.apache.hadoop:hadoop-yarn-api:jar:2.6.0:compile [INFO] | | +- javax.xml.bind:jaxb-api:jar:2.2.2:compile [INFO] | | | +- javax.xml.stream:stax-api:jar:1.0-2:compile [INFO] | | | \- javax.activation:activation:jar:1.1:compile [INFO] | | +- org.apache.commons:commons-compress:jar1.4.1:compile [INFO] | | | \- org.tukaani:xz:jar:1.0:compile [INFO] | | +- org.mortbay.jetty:jetty-util:jar:6.1.26:compile [INFO] | | +- com.sun.jersey:jersey-client:jar:1.9:compile [INFO] | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile{code} I would submit the example workflows to verify it does not cause issues. > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16354333#comment-16354333 ] Andras Piros commented on OOZIE-3172: - [~asasvari] following examples have been run on a local Oozie server, local pseudo-distributed Hadoop 2.6.5 successfully: * {{aggregator}} * {{bundle}} * {{coord-input-logic}} * {{cron}} * {{cron-schedule}} * {{custom-main}} * {{datelist-java-main}} * {{demo}} * {{distcp}} * {{hadoop-el}} * {{java-main}} * {{map-reduce}} * {{no-op}} * {{pig}} * {{shell}} * {{sla}} * {{sqoop}} * {{sqoop-freeform}} * {{streaming}} * {{subwf}} * {{spark}} Didn't try because locally components weren't available / more setup steps would have been needed: * {{hcatalog}} * {{hive}} * {{hive2}} * {{pyspark}} * {{ssh}} I think most potential {{sharelib}} conflicts have been tested with. What are your thoughts? [~gezapeti] are you suggesting to switch to {{test}} inside {{sharelib}} for Jackson dependencies? > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16355233#comment-16355233 ] Attila Sasvari commented on OOZIE-3172: --- [~andras.piros] thanks for submitting example workflows. Workflows succeeded, so it looks good to me. [~gezapeti] can you answer last question? (If it breaks Hive workflows, we can file a separate JIRA. It would be nice to validate.) > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16356996#comment-16356996 ] Peter Cseh commented on OOZIE-3172: --- I'll take a look at dependencies, but in theory the server's version of jackson should not affect the version of jackson shipped in the sharelibs. > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16360817#comment-16360817 ] Attila Sasvari commented on OOZIE-3172: --- +1 > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch, > OOZIE-3172.003.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16360981#comment-16360981 ] Hadoop QA commented on OOZIE-3172: -- PreCommit-OOZIE-Build started > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch, > OOZIE-3172.003.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16361149#comment-16361149 ] Hadoop QA commented on OOZIE-3172: -- Testing JIRA OOZIE-3172 Cleaning local git workspace {color:green}+1 PATCH_APPLIES{color} {color:green}+1 CLEAN{color} {color:green}+1 RAW_PATCH_ANALYSIS{color} .{color:green}+1{color} the patch does not introduce any @author tags .{color:green}+1{color} the patch does not introduce any tabs .{color:green}+1{color} the patch does not introduce any trailing spaces .{color:green}+1{color} the patch does not introduce any line longer than 132 .{color:green}+1{color} the patch adds/modifies 2 testcase(s) {color:green}+1 RAT{color} .{color:green}+1{color} the patch does not seem to introduce new RAT warnings {color:green}+1 JAVADOC{color} .{color:green}+1{color} the patch does not seem to introduce new Javadoc warnings .{color:red}WARNING{color}: the current HEAD has 100 Javadoc warning(s) {color:green}+1 COMPILE{color} .{color:green}+1{color} HEAD compiles .{color:green}+1{color} patch compiles .{color:green}+1{color} the patch does not seem to introduce new javac warnings {color:green}+1{color} There are no new bugs found in total. . {color:green}+1{color} There are no new bugs found in [docs]. . {color:green}+1{color} There are no new bugs found in [webapp]. . {color:green}+1{color} There are no new bugs found in [sharelib/distcp]. . {color:green}+1{color} There are no new bugs found in [sharelib/hive]. . {color:green}+1{color} There are no new bugs found in [sharelib/spark]. . {color:green}+1{color} There are no new bugs found in [sharelib/hive2]. . {color:green}+1{color} There are no new bugs found in [sharelib/hcatalog]. . {color:green}+1{color} There are no new bugs found in [sharelib/streaming]. . {color:green}+1{color} There are no new bugs found in [sharelib/pig]. . {color:green}+1{color} There are no new bugs found in [sharelib/sqoop]. . {color:green}+1{color} There are no new bugs found in [sharelib/oozie]. . {color:green}+1{color} There are no new bugs found in [examples]. . {color:green}+1{color} There are no new bugs found in [client]. . {color:green}+1{color} There are no new bugs found in [core]. . {color:green}+1{color} There are no new bugs found in [tools]. . {color:green}+1{color} There are no new bugs found in [server]. {color:green}+1 BACKWARDS_COMPATIBILITY{color} .{color:green}+1{color} the patch does not change any JPA Entity/Colum/Basic/Lob/Transient annotations .{color:green}+1{color} the patch does not modify JPA files {color:green}+1 TESTS{color} .Tests run: 2092 .{color:orange}Tests failed at first run:{color} TestJavaActionExecutor#testCredentialsSkip TestJMSJobEventListener#testConnectionDrop .For the complete list of flaky tests, see TEST-SUMMARY-FULL files. {color:green}+1 DISTRO{color} .{color:green}+1{color} distro tarball builds with the patch {color:green}*+1 Overall result, good!, no -1s*{color} {color:red}. There is at least one warning, please check{color} The full output of the test-patch run is available at . https://builds.apache.org/job/PreCommit-OOZIE-Build/388/ > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch, > OOZIE-3172.003.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16361175#comment-16361175 ] Andras Piros commented on OOZIE-3172: - Thanks [~asasvari] for the review! [~gezapeti] can you please have another review? > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch, > OOZIE-3172.003.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16364065#comment-16364065 ] Peter Cseh commented on OOZIE-3172: --- I don't see the servers' jackson versions messing with the sharelibs. +1 > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch, > OOZIE-3172.003.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3172) Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to com.fasterxml.jackson
[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16364081#comment-16364081 ] Andras Piros commented on OOZIE-3172: - Thanks [~gezapeti]! Committed to {{master}}. > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > -- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core >Affects Versions: 5.0.0b1 >Reporter: Andras Piros >Assignee: Andras Piros >Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch, > OOZIE-3172.003.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)