[jira] [Assigned] (ARROW-1347) List null type should use consistent name for inner field
[ https://issues.apache.org/jira/browse/ARROW-1347?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steven Phillips reassigned ARROW-1347: -- Assignee: Steven Phillips > List null type should use consistent name for inner field > - > > Key: ARROW-1347 > URL: https://issues.apache.org/jira/browse/ARROW-1347 > Project: Apache Arrow > Issue Type: Bug >Reporter: Steven Phillips >Assignee: Steven Phillips > > The child field for List type has the field name "$data$" in most cases. In > the case that there is not a known type for the List, currently the > getField() method will return a subfield with name "DEFAULT". We should make > this consistent with the rest of the cases. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Assigned] (ARROW-1341) [C++] Deprecate arrow::MakeTable in favor of new ctor from ARROW-1334
[ https://issues.apache.org/jira/browse/ARROW-1341?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steven Phillips reassigned ARROW-1341: -- Assignee: (was: Steven Phillips) > [C++] Deprecate arrow::MakeTable in favor of new ctor from ARROW-1334 > - > > Key: ARROW-1341 > URL: https://issues.apache.org/jira/browse/ARROW-1341 > Project: Apache Arrow > Issue Type: Bug > Components: C++ >Reporter: Wes McKinney > > Small oversight not doing this already in ARROW-1334 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (ARROW-1347) List null type should use consistent name for inner field
Steven Phillips created ARROW-1347: -- Summary: List null type should use consistent name for inner field Key: ARROW-1347 URL: https://issues.apache.org/jira/browse/ARROW-1347 Project: Apache Arrow Issue Type: Bug Reporter: Steven Phillips The child field for List type has the field name "$data$" in most cases. In the case that there is not a known type for the List, currently the getField() method will return a subfield with name "DEFAULT". We should make this consistent with the rest of the cases. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Assigned] (ARROW-1341) [C++] Deprecate arrow::MakeTable in favor of new ctor from ARROW-1334
[ https://issues.apache.org/jira/browse/ARROW-1341?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steven Phillips reassigned ARROW-1341: -- Assignee: Steven Phillips > [C++] Deprecate arrow::MakeTable in favor of new ctor from ARROW-1334 > - > > Key: ARROW-1341 > URL: https://issues.apache.org/jira/browse/ARROW-1341 > Project: Apache Arrow > Issue Type: Bug > Components: C++ >Reporter: Wes McKinney >Assignee: Steven Phillips > > Small oversight not doing this already in ARROW-1334 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (ARROW-1339) [C++] Use boost::filesystem for handling of platform-specific file path encodings
[ https://issues.apache.org/jira/browse/ARROW-1339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16122080#comment-16122080 ] Max Risuhin commented on ARROW-1339: [~wesmckinn], it seems that boost::filesystem::path can be used to replace recently introduced `PlatformFilename` struct. I have tried to use [path::wstring|http://www.boost.org/doc/libs/1_53_0/libs/filesystem/doc/reference.html#wstring] and path::string, it seems it works fine. I'm wondering if it was supposed here more changes than just replace `PlatformFilename` struct with `boost::filesystem::path`? > [C++] Use boost::filesystem for handling of platform-specific file path > encodings > - > > Key: ARROW-1339 > URL: https://issues.apache.org/jira/browse/ARROW-1339 > Project: Apache Arrow > Issue Type: Improvement > Components: C++ >Reporter: Wes McKinney >Assignee: Max Risuhin > Fix For: 0.7.0 > > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (ARROW-592) [C++] Provide .deb and .rpm packages
[ https://issues.apache.org/jira/browse/ARROW-592?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Wes McKinney resolved ARROW-592. Resolution: Fixed Assignee: Kouhei Sutou > [C++] Provide .deb and .rpm packages > > > Key: ARROW-592 > URL: https://issues.apache.org/jira/browse/ARROW-592 > Project: Apache Arrow > Issue Type: Wish > Components: C++ > Environment: GNU/Linux >Reporter: Kouhei Sutou >Assignee: Kouhei Sutou >Priority: Minor > Fix For: 0.7.0 > > > If we provide .deb and .rpm packages for C++ Arrow, users can install it > easily. (At least, I'm happy as an user.) > Is there any location to provide .deb and .rpm packages? If it doesn't exist, > how about using https://packagecloud.io/ with "Open Source plan"? We can find > "Open Source plan" by clicking "Looking for free or open-source plans" at > https://packagecloud.io/pricing . -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (ARROW-1346) [Python] pypi packages compatible with setuptools
[ https://issues.apache.org/jira/browse/ARROW-1346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16121835#comment-16121835 ] Wes McKinney commented on ARROW-1346: - Yeah, I agree that the state of Python packaging continues to be very sad. 26 years into the Python programming language I'm not optimistic that things will get much better > [Python] pypi packages compatible with setuptools > - > > Key: ARROW-1346 > URL: https://issues.apache.org/jira/browse/ARROW-1346 > Project: Apache Arrow > Issue Type: Wish > Components: Python >Affects Versions: 0.5.0 >Reporter: Antony Mayi > Attachments: setup.py > > > setuptools is internally using easy_install for pulling packages from pypi. > easy_install doesn't support wheel so since pyarrow is in pypi distributed > only as wheels it is not possible to package a product depending on pyarrow > using setuptools. > see attached [^setup.py]: > {code} > $ python setup.py test > running test > Searching for pyarrow==0.5.0.post2 > Reading https://pypi.python.org/simple/pyarrow/ > No local packages or working download links found for pyarrow==0.5.0.post2 > error: Could not find suitable distribution for > Requirement.parse('pyarrow==0.5.0.post2') > {code} > It's a shame setuptools don't support wheels. unfortunately it supports only > eggs or raw source packages (see > [distro_for_location|https://github.com/pypa/setuptools/blob/master/setuptools/package_index.py#L112]). > I am not suggesting providing eggs but perhaps publishing raw tar.gz should > be considered so that setuptools can at least build the dependency itself. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (ARROW-1346) [Python] pypi packages compatible with setuptools
[ https://issues.apache.org/jira/browse/ARROW-1346?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antony Mayi closed ARROW-1346. -- Resolution: Workaround > [Python] pypi packages compatible with setuptools > - > > Key: ARROW-1346 > URL: https://issues.apache.org/jira/browse/ARROW-1346 > Project: Apache Arrow > Issue Type: Wish > Components: Python >Affects Versions: 0.5.0 >Reporter: Antony Mayi > Attachments: setup.py > > > setuptools is internally using easy_install for pulling packages from pypi. > easy_install doesn't support wheel so since pyarrow is in pypi distributed > only as wheels it is not possible to package a product depending on pyarrow > using setuptools. > see attached [^setup.py]: > {code} > $ python setup.py test > running test > Searching for pyarrow==0.5.0.post2 > Reading https://pypi.python.org/simple/pyarrow/ > No local packages or working download links found for pyarrow==0.5.0.post2 > error: Could not find suitable distribution for > Requirement.parse('pyarrow==0.5.0.post2') > {code} > It's a shame setuptools don't support wheels. unfortunately it supports only > eggs or raw source packages (see > [distro_for_location|https://github.com/pypa/setuptools/blob/master/setuptools/package_index.py#L112]). > I am not suggesting providing eggs but perhaps publishing raw tar.gz should > be considered so that setuptools can at least build the dependency itself. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (ARROW-1346) [Python] pypi packages compatible with setuptools
[ https://issues.apache.org/jira/browse/ARROW-1346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16121829#comment-16121829 ] Antony Mayi commented on ARROW-1346: Right, that's why said I am not suggesting to publish eggs. No probs. It's just odd that setuptools is still the main python packaging concept that can nicely define dependencies ([even in pyarrow iself|https://github.com/apache/arrow/blob/master/python/setup.py#L371]) and is unable to deploy such packages itself (in case of wheel deps) but needs another tools to resolve its dependencies. But I understand this is not a problem of arrow... > [Python] pypi packages compatible with setuptools > - > > Key: ARROW-1346 > URL: https://issues.apache.org/jira/browse/ARROW-1346 > Project: Apache Arrow > Issue Type: Wish > Components: Python >Affects Versions: 0.5.0 >Reporter: Antony Mayi > Attachments: setup.py > > > setuptools is internally using easy_install for pulling packages from pypi. > easy_install doesn't support wheel so since pyarrow is in pypi distributed > only as wheels it is not possible to package a product depending on pyarrow > using setuptools. > see attached [^setup.py]: > {code} > $ python setup.py test > running test > Searching for pyarrow==0.5.0.post2 > Reading https://pypi.python.org/simple/pyarrow/ > No local packages or working download links found for pyarrow==0.5.0.post2 > error: Could not find suitable distribution for > Requirement.parse('pyarrow==0.5.0.post2') > {code} > It's a shame setuptools don't support wheels. unfortunately it supports only > eggs or raw source packages (see > [distro_for_location|https://github.com/pypa/setuptools/blob/master/setuptools/package_index.py#L112]). > I am not suggesting providing eggs but perhaps publishing raw tar.gz should > be considered so that setuptools can at least build the dependency itself. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (ARROW-1346) [Python] pypi packages compatible with setuptools
[ https://issues.apache.org/jira/browse/ARROW-1346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16121746#comment-16121746 ] Wes McKinney commented on ARROW-1346: - My understanding is that installing packages via {{setup.py}} (i.e. easy_install) is effectively deprecated, and so it's unlikely we'll support it here. See associated discussion in the TensorFlow issue tracker https://github.com/tensorflow/tensorflow/issues/6540 ("Building and distributing an egg file is not planned for tensorflow, as it is the old deprecated standard. I will close this issue now.") . I would recommend changing your software deployment process to use pip and requirements.txt. You can also use conda to achieve the same result. > [Python] pypi packages compatible with setuptools > - > > Key: ARROW-1346 > URL: https://issues.apache.org/jira/browse/ARROW-1346 > Project: Apache Arrow > Issue Type: Wish > Components: Python >Affects Versions: 0.5.0 >Reporter: Antony Mayi > Attachments: setup.py > > > setuptools is internally using easy_install for pulling packages from pypi. > easy_install doesn't support wheel so since pyarrow is in pypi distributed > only as wheels it is not possible to package a product depending on pyarrow > using setuptools. > see attached [^setup.py]: > {code} > $ python setup.py test > running test > Searching for pyarrow==0.5.0.post2 > Reading https://pypi.python.org/simple/pyarrow/ > No local packages or working download links found for pyarrow==0.5.0.post2 > error: Could not find suitable distribution for > Requirement.parse('pyarrow==0.5.0.post2') > {code} > It's a shame setuptools don't support wheels. unfortunately it supports only > eggs or raw source packages (see > [distro_for_location|https://github.com/pypa/setuptools/blob/master/setuptools/package_index.py#L112]). > I am not suggesting providing eggs but perhaps publishing raw tar.gz should > be considered so that setuptools can at least build the dependency itself. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (ARROW-1346) [Python] pypi packages compatible with setuptools
[ https://issues.apache.org/jira/browse/ARROW-1346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16121684#comment-16121684 ] Antony Mayi commented on ARROW-1346: I am on linux. Yes, pip works fine, but setuptools is not using pip. Any version of setuptools (I am on the latest 36.2.7). The attached [^setup.py] demonstrates the problem - ie if I am trying to distribute my python project that depends on pyarrow as per the [^setup.py] it won't pull pyarrow out of the box (running the typical {{python setup.py install}} fails as per the error shown above due to the setuptools inability to pull wheels from pypi). > [Python] pypi packages compatible with setuptools > - > > Key: ARROW-1346 > URL: https://issues.apache.org/jira/browse/ARROW-1346 > Project: Apache Arrow > Issue Type: Wish > Components: Python >Affects Versions: 0.5.0 >Reporter: Antony Mayi > Attachments: setup.py > > > setuptools is internally using easy_install for pulling packages from pypi. > easy_install doesn't support wheel so since pyarrow is in pypi distributed > only as wheels it is not possible to package a product depending on pyarrow > using setuptools. > see attached [^setup.py]: > {code} > $ python setup.py test > running test > Searching for pyarrow==0.5.0.post2 > Reading https://pypi.python.org/simple/pyarrow/ > No local packages or working download links found for pyarrow==0.5.0.post2 > error: Could not find suitable distribution for > Requirement.parse('pyarrow==0.5.0.post2') > {code} > It's a shame setuptools don't support wheels. unfortunately it supports only > eggs or raw source packages (see > [distro_for_location|https://github.com/pypa/setuptools/blob/master/setuptools/package_index.py#L112]). > I am not suggesting providing eggs but perhaps publishing raw tar.gz should > be considered so that setuptools can at least build the dependency itself. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (ARROW-1346) [Python] pypi packages compatible with setuptools
[ https://issues.apache.org/jira/browse/ARROW-1346?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Wes McKinney updated ARROW-1346: Summary: [Python] pypi packages compatible with setuptools (was: pypi packages compatible with setuptools) > [Python] pypi packages compatible with setuptools > - > > Key: ARROW-1346 > URL: https://issues.apache.org/jira/browse/ARROW-1346 > Project: Apache Arrow > Issue Type: Wish > Components: Python >Affects Versions: 0.5.0 >Reporter: Antony Mayi > Attachments: setup.py > > > setuptools is internally using easy_install for pulling packages from pypi. > easy_install doesn't support wheel so since pyarrow is in pypi distributed > only as wheels it is not possible to package a product depending on pyarrow > using setuptools. > see attached [^setup.py]: > {code} > $ python setup.py test > running test > Searching for pyarrow==0.5.0.post2 > Reading https://pypi.python.org/simple/pyarrow/ > No local packages or working download links found for pyarrow==0.5.0.post2 > error: Could not find suitable distribution for > Requirement.parse('pyarrow==0.5.0.post2') > {code} > It's a shame setuptools don't support wheels. unfortunately it supports only > eggs or raw source packages (see > [distro_for_location|https://github.com/pypa/setuptools/blob/master/setuptools/package_index.py#L112]). > I am not suggesting providing eggs but perhaps publishing raw tar.gz should > be considered so that setuptools can at least build the dependency itself. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Comment Edited] (ARROW-1346) pypi packages compatible with setuptools
[ https://issues.apache.org/jira/browse/ARROW-1346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16121652#comment-16121652 ] Wes McKinney edited comment on ARROW-1346 at 8/10/17 2:06 PM: -- > setuptools is internally using easy_install for pulling packages from pypi. > easy_install doesn't support wheel so since pyarrow is in pypi distributed > only as wheels it is not possible to package a product depending on pyarrow > using setuptools. What version of setuptools? I'm pretty surprised by this. In production deployments I usually see {{pip install -r requirements.txt}}, and pip knows how to install wheels was (Author: wesmckinn): > setuptools is internally using easy_install for pulling packages from pypi. > easy_install doesn't support wheel so since pyarrow is in pypi distributed > only as wheels it is not possible to package a product depending on pyarrow > using setuptools. What version of setuptools? I'm pretty surprised by this. In production deployments I usually see {{pip install -r requirements.txt}}, and pip knows how to install weehsl > pypi packages compatible with setuptools > > > Key: ARROW-1346 > URL: https://issues.apache.org/jira/browse/ARROW-1346 > Project: Apache Arrow > Issue Type: Wish > Components: Python >Affects Versions: 0.5.0 >Reporter: Antony Mayi > Attachments: setup.py > > > setuptools is internally using easy_install for pulling packages from pypi. > easy_install doesn't support wheel so since pyarrow is in pypi distributed > only as wheels it is not possible to package a product depending on pyarrow > using setuptools. > see attached [^setup.py]: > {code} > $ python setup.py test > running test > Searching for pyarrow==0.5.0.post2 > Reading https://pypi.python.org/simple/pyarrow/ > No local packages or working download links found for pyarrow==0.5.0.post2 > error: Could not find suitable distribution for > Requirement.parse('pyarrow==0.5.0.post2') > {code} > It's a shame setuptools don't support wheels. unfortunately it supports only > eggs or raw source packages (see > [distro_for_location|https://github.com/pypa/setuptools/blob/master/setuptools/package_index.py#L112]). > I am not suggesting providing eggs but perhaps publishing raw tar.gz should > be considered so that setuptools can at least build the dependency itself. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (ARROW-1346) pypi packages compatible with setuptools
[ https://issues.apache.org/jira/browse/ARROW-1346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16121652#comment-16121652 ] Wes McKinney commented on ARROW-1346: - > setuptools is internally using easy_install for pulling packages from pypi. > easy_install doesn't support wheel so since pyarrow is in pypi distributed > only as wheels it is not possible to package a product depending on pyarrow > using setuptools. What version of setuptools? I'm pretty surprised by this. In production deployments I usually see {{pip install -r requirements.txt}}, and pip knows how to install weehsl > pypi packages compatible with setuptools > > > Key: ARROW-1346 > URL: https://issues.apache.org/jira/browse/ARROW-1346 > Project: Apache Arrow > Issue Type: Wish > Components: Python >Affects Versions: 0.5.0 >Reporter: Antony Mayi > Attachments: setup.py > > > setuptools is internally using easy_install for pulling packages from pypi. > easy_install doesn't support wheel so since pyarrow is in pypi distributed > only as wheels it is not possible to package a product depending on pyarrow > using setuptools. > see attached [^setup.py]: > {code} > $ python setup.py test > running test > Searching for pyarrow==0.5.0.post2 > Reading https://pypi.python.org/simple/pyarrow/ > No local packages or working download links found for pyarrow==0.5.0.post2 > error: Could not find suitable distribution for > Requirement.parse('pyarrow==0.5.0.post2') > {code} > It's a shame setuptools don't support wheels. unfortunately it supports only > eggs or raw source packages (see > [distro_for_location|https://github.com/pypa/setuptools/blob/master/setuptools/package_index.py#L112]). > I am not suggesting providing eggs but perhaps publishing raw tar.gz should > be considered so that setuptools can at least build the dependency itself. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (ARROW-1346) pypi packages compatible with setuptools
[ https://issues.apache.org/jira/browse/ARROW-1346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16121646#comment-16121646 ] Wes McKinney commented on ARROW-1346: - What platform are you on? There are only 0.5.0.post2 binaries for Linux, for the other platforms it is still 0.5.0 https://pypi.python.org/pypi/pyarrow > pypi packages compatible with setuptools > > > Key: ARROW-1346 > URL: https://issues.apache.org/jira/browse/ARROW-1346 > Project: Apache Arrow > Issue Type: Wish > Components: Python >Affects Versions: 0.5.0 >Reporter: Antony Mayi > Attachments: setup.py > > > setuptools is internally using easy_install for pulling packages from pypi. > easy_install doesn't support wheel so since pyarrow is in pypi distributed > only as wheels it is not possible to package a product depending on pyarrow > using setuptools. > see attached [^setup.py]: > {code} > $ python setup.py test > running test > Searching for pyarrow==0.5.0.post2 > Reading https://pypi.python.org/simple/pyarrow/ > No local packages or working download links found for pyarrow==0.5.0.post2 > error: Could not find suitable distribution for > Requirement.parse('pyarrow==0.5.0.post2') > {code} > It's a shame setuptools don't support wheels. unfortunately it supports only > eggs or raw source packages (see > [distro_for_location|https://github.com/pypa/setuptools/blob/master/setuptools/package_index.py#L112]). > I am not suggesting providing eggs but perhaps publishing raw tar.gz should > be considered so that setuptools can at least build the dependency itself. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (ARROW-1346) pypi packages compatible with setuptools
Antony Mayi created ARROW-1346: -- Summary: pypi packages compatible with setuptools Key: ARROW-1346 URL: https://issues.apache.org/jira/browse/ARROW-1346 Project: Apache Arrow Issue Type: Wish Components: Python Affects Versions: 0.5.0 Reporter: Antony Mayi Attachments: setup.py setuptools is internally using easy_install for pulling packages from pypi. easy_install doesn't support wheel so since pyarrow is in pypi distributed only as wheels it is not possible to package a product depending on pyarrow using setuptools. see attached [^setup.py]: {code} $ python setup.py test running test Searching for pyarrow==0.5.0.post2 Reading https://pypi.python.org/simple/pyarrow/ No local packages or working download links found for pyarrow==0.5.0.post2 error: Could not find suitable distribution for Requirement.parse('pyarrow==0.5.0.post2') {code} It's a shame setuptools don't support wheels. unfortunately it supports only eggs or raw source packages (see [distro_for_location|https://github.com/pypa/setuptools/blob/master/setuptools/package_index.py#L112]). I am not suggesting providing eggs but perhaps publishing raw tar.gz should be considered so that setuptools can at least build the dependency itself. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Comment Edited] (ARROW-1242) [Java] security - upgrade Jackson to mitigate 3 CVE vulnerabilities
[ https://issues.apache.org/jira/browse/ARROW-1242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16121263#comment-16121263 ] Matt Darwin edited comment on ARROW-1242 at 8/10/17 8:50 AM: - Sorry [~wesmckinn], there was a bug in my PR and it's not changed the Jackson version. java/pom.xml defines a {{jackson.version}} variable, but in java/vector/pom.xml it doesn't use that variable. I've changed it in my branch and have submitted a new PR [#957|https://github.com/apache/arrow/pull/957] . was (Author: mdarwin): Sorry [~wesmckinn], there was a bug in my PR and it's not changed the Jackson version. java/pom.xml defines a {{jackson.version}} variable, but in java/vector/pom.xml it doesn't use that variable. I've changed it in my branch and have submitted a new PR [PR 957|https://github.com/apache/arrow/pull/957] . > [Java] security - upgrade Jackson to mitigate 3 CVE vulnerabilities > --- > > Key: ARROW-1242 > URL: https://issues.apache.org/jira/browse/ARROW-1242 > Project: Apache Arrow > Issue Type: Bug > Components: Java - Memory, Java - Vectors >Affects Versions: 0.4.1 >Reporter: Matt Darwin >Assignee: Matt Darwin > Fix For: 0.6.0 > > > please consider upgrading jackson to mitigate its various vulnerabilities in > 2.7.1: > https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jackson > see also > https://github.com/FasterXML/jackson-databind/issues/1599 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Comment Edited] (ARROW-1242) [Java] security - upgrade Jackson to mitigate 3 CVE vulnerabilities
[ https://issues.apache.org/jira/browse/ARROW-1242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16121263#comment-16121263 ] Matt Darwin edited comment on ARROW-1242 at 8/10/17 8:49 AM: - Sorry [~wesmckinn], there was a bug in my PR and it's not changed the Jackson version. java/pom.xml defines a {{jackson.version}} variable, but in java/vector/pom.xml it doesn't use that variable. I've changed it in my branch and have submitted a new PR [PR 957|https://github.com/apache/arrow/pull/957] . was (Author: mdarwin): Sorry [~wesmckinn], there was a bug in my PR and it's not changed the Jackson version. java/pom.xml defines a {{jackson.version}} variable, but in java/vector/pom.xml it doesn't use that variable. I've changed it in my branch and have submitted a new PR #957. > [Java] security - upgrade Jackson to mitigate 3 CVE vulnerabilities > --- > > Key: ARROW-1242 > URL: https://issues.apache.org/jira/browse/ARROW-1242 > Project: Apache Arrow > Issue Type: Bug > Components: Java - Memory, Java - Vectors >Affects Versions: 0.4.1 >Reporter: Matt Darwin >Assignee: Matt Darwin > Fix For: 0.6.0 > > > please consider upgrading jackson to mitigate its various vulnerabilities in > 2.7.1: > https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jackson > see also > https://github.com/FasterXML/jackson-databind/issues/1599 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Comment Edited] (ARROW-1242) [Java] security - upgrade Jackson to mitigate 3 CVE vulnerabilities
[ https://issues.apache.org/jira/browse/ARROW-1242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16121263#comment-16121263 ] Matt Darwin edited comment on ARROW-1242 at 8/10/17 8:48 AM: - Sorry [~wesmckinn], there was a bug in my PR and it's not changed the Jackson version. java/pom.xml defines a {{jackson.version}} variable, but in java/vector/pom.xml it doesn't use that variable. I've changed it in my branch and have submitted a new PR #957. was (Author: mdarwin): Sorry, there was a bug in my PR and it's not changed the Jackson version. java/pom.xml defines a {{jackson.version}} variable, but in java/vector/pom.xml it doesn't use that variable. I've changed it in my branch and have submitted a new PR #957. > [Java] security - upgrade Jackson to mitigate 3 CVE vulnerabilities > --- > > Key: ARROW-1242 > URL: https://issues.apache.org/jira/browse/ARROW-1242 > Project: Apache Arrow > Issue Type: Bug > Components: Java - Memory, Java - Vectors >Affects Versions: 0.4.1 >Reporter: Matt Darwin >Assignee: Matt Darwin > Fix For: 0.6.0 > > > please consider upgrading jackson to mitigate its various vulnerabilities in > 2.7.1: > https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jackson > see also > https://github.com/FasterXML/jackson-databind/issues/1599 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Issue Comment Deleted] (ARROW-1242) [Java] security - upgrade Jackson to mitigate 3 CVE vulnerabilities
[ https://issues.apache.org/jira/browse/ARROW-1242?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Matt Darwin updated ARROW-1242: --- Comment: was deleted (was: Sorry, there was a bug in my PR and it's not changed the Jackson version. java/pom.xml defines a {{jackson.version}} variable, but in java/vector/pom.xml it doesn't use that variable. I've changed it in the branch and will submit a new PR.) > [Java] security - upgrade Jackson to mitigate 3 CVE vulnerabilities > --- > > Key: ARROW-1242 > URL: https://issues.apache.org/jira/browse/ARROW-1242 > Project: Apache Arrow > Issue Type: Bug > Components: Java - Memory, Java - Vectors >Affects Versions: 0.4.1 >Reporter: Matt Darwin >Assignee: Matt Darwin > Fix For: 0.6.0 > > > please consider upgrading jackson to mitigate its various vulnerabilities in > 2.7.1: > https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jackson > see also > https://github.com/FasterXML/jackson-databind/issues/1599 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Reopened] (ARROW-1242) [Java] security - upgrade Jackson to mitigate 3 CVE vulnerabilities
[ https://issues.apache.org/jira/browse/ARROW-1242?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Matt Darwin reopened ARROW-1242: Sorry, there was a bug in my PR and it's not changed the Jackson version. java/pom.xml defines a {{jackson.version}} variable, but in java/vector/pom.xml it doesn't use that variable. I've changed it in my branch and have submitted a new PR #957. > [Java] security - upgrade Jackson to mitigate 3 CVE vulnerabilities > --- > > Key: ARROW-1242 > URL: https://issues.apache.org/jira/browse/ARROW-1242 > Project: Apache Arrow > Issue Type: Bug > Components: Java - Memory, Java - Vectors >Affects Versions: 0.4.1 >Reporter: Matt Darwin >Assignee: Matt Darwin > Fix For: 0.6.0 > > > please consider upgrading jackson to mitigate its various vulnerabilities in > 2.7.1: > https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jackson > see also > https://github.com/FasterXML/jackson-databind/issues/1599 -- This message was sent by Atlassian JIRA (v6.4.14#64029)