[jira] [Commented] (HBASE-23075) Upgrade jackson version
[ https://issues.apache.org/jira/browse/HBASE-23075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16938712#comment-16938712 ] Hudson commented on HBASE-23075: Results for branch master [build #1484 on builds.a.o|https://builds.apache.org/job/HBase%20Nightly/job/master/1484/]: (x) *{color:red}-1 overall{color}* details (if available): (/) {color:green}+1 general checks{color} -- For more information [see general report|https://builds.apache.org/job/HBase%20Nightly/job/master/1484//General_Nightly_Build_Report/] (x) {color:red}-1 jdk8 hadoop2 checks{color} -- For more information [see jdk8 (hadoop2) report|https://builds.apache.org/job/HBase%20Nightly/job/master/1484//JDK8_Nightly_Build_Report_(Hadoop2)/] (/) {color:green}+1 jdk8 hadoop3 checks{color} -- For more information [see jdk8 (hadoop3) report|https://builds.apache.org/job/HBase%20Nightly/job/master/1484//JDK8_Nightly_Build_Report_(Hadoop3)/] (/) {color:green}+1 source release artifact{color} -- See build output for details. (/) {color:green}+1 client integration test{color} > Upgrade jackson version > --- > > Key: HBASE-23075 > URL: https://issues.apache.org/jira/browse/HBASE-23075 > Project: HBase > Issue Type: Improvement > Components: dependencies, hbase-connectors, REST >Reporter: Nicholas Jiang >Assignee: Nicholas Jiang >Priority: Major > Fix For: 3.0.0, 2.3.0, connector-1.0.1, 2.1.7, 2.2.2 > > > A Polymorphic Typing issue was discovered in FasterXML jackson-databind > before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a > different vulnerability than CVE-2019-14540. > https://nvd.nist.gov/vuln/detail/CVE-2019-16335 > A Polymorphic Typing issue was discovered in FasterXML jackson-databind > before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. > https://nvd.nist.gov/vuln/detail/CVE-2019-14540 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (HBASE-23075) Upgrade jackson version
[ https://issues.apache.org/jira/browse/HBASE-23075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16938191#comment-16938191 ] Nicholas Jiang commented on HBASE-23075: [~busbey] Yes, I don't mind,and I will put up a PR to upgrade jackson in the hbase-connectors repo today,thanks. > Upgrade jackson version > --- > > Key: HBASE-23075 > URL: https://issues.apache.org/jira/browse/HBASE-23075 > Project: HBase > Issue Type: Improvement > Components: dependencies, REST >Reporter: Nicholas Jiang >Assignee: Nicholas Jiang >Priority: Major > Fix For: 3.0.0, 2.3.0, 2.1.7, 2.2.2 > > > A Polymorphic Typing issue was discovered in FasterXML jackson-databind > before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a > different vulnerability than CVE-2019-14540. > https://nvd.nist.gov/vuln/detail/CVE-2019-16335 > A Polymorphic Typing issue was discovered in FasterXML jackson-databind > before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. > https://nvd.nist.gov/vuln/detail/CVE-2019-14540 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (HBASE-23075) Upgrade jackson version
[ https://issues.apache.org/jira/browse/HBASE-23075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16937772#comment-16937772 ] Sean Busbey commented on HBASE-23075: - thanks for working on this [~nicholasjiang]! I've added you to the contributors group, so you should be able to assign this jira to yourself now. would you mind putting up a PR to upgrade jackson in the {{hbase-connectors}} repo as well? > Upgrade jackson version > --- > > Key: HBASE-23075 > URL: https://issues.apache.org/jira/browse/HBASE-23075 > Project: HBase > Issue Type: Improvement > Components: dependencies, REST >Reporter: Nicholas Jiang >Priority: Major > > A Polymorphic Typing issue was discovered in FasterXML jackson-databind > before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a > different vulnerability than CVE-2019-14540. > https://nvd.nist.gov/vuln/detail/CVE-2019-16335 > A Polymorphic Typing issue was discovered in FasterXML jackson-databind > before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. > https://nvd.nist.gov/vuln/detail/CVE-2019-14540 -- This message was sent by Atlassian Jira (v8.3.4#803005)