[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-16 Thread Josh Elser (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16477462#comment-16477462 ] Josh Elser commented on HBASE-20582: {quote}I'm increasingly a hard-liner on "downstr

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-16 Thread Duo Zhang (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16477447#comment-16477447 ] Duo Zhang commented on HBASE-20582: {quote} You're right that the shaded-client protec

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-16 Thread Sean Busbey (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16477442#comment-16477442 ] Sean Busbey commented on HBASE-20582: {quote} bq. I think we have already shaded th

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-16 Thread Josh Elser (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16477432#comment-16477432 ] Josh Elser commented on HBASE-20582: {quote}I think we have already shaded the jackso

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-15 Thread Duo Zhang (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16476672#comment-16476672 ] Duo Zhang commented on HBASE-20582: I think we have already shaded the jackson depende

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-15 Thread Hadoop QA (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16476394#comment-16476394 ] Hadoop QA commented on HBASE-20582: | (x) *{color:red}-1 overall{color}* | \\ \\ || Vo

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-15 Thread Josh Elser (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16476288#comment-16476288 ] Josh Elser commented on HBASE-20582: {quote}are you up for summarizing what changed t

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-15 Thread Sean Busbey (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16476281#comment-16476281 ] Sean Busbey commented on HBASE-20582: These aren't big version changes, seems like t

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-15 Thread Josh Elser (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16476270#comment-16476270 ] Josh Elser commented on HBASE-20582: {quote}that only works if we ensure nothing we h

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-15 Thread Sean Busbey (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16476169#comment-16476169 ] Sean Busbey commented on HBASE-20582: {quote} bq. the shading makes it worse in some

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-15 Thread Josh Elser (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16476161#comment-16476161 ] Josh Elser commented on HBASE-20582: {quote}We shade it in our client, so hopefully.

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-15 Thread Sean Busbey (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16476153#comment-16476153 ] Sean Busbey commented on HBASE-20582: the shading makes it worse in some sense, btw.

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-15 Thread Sean Busbey (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16476151#comment-16476151 ] Sean Busbey commented on HBASE-20582: > Is Jackson shade-able? We shade it in our c

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-15 Thread Sean Busbey (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16476148#comment-16476148 ] Sean Busbey commented on HBASE-20582: yeah that all sounds reasonable. given these t

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-15 Thread Josh Elser (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16476147#comment-16476147 ] Josh Elser commented on HBASE-20582: {quote}Jackson CVEs are remote-code execution g

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-15 Thread Josh Elser (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16476079#comment-16476079 ] Josh Elser commented on HBASE-20582: Jackson CVEs are remote-code execution grade is

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-14 Thread stack (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16475220#comment-16475220 ] stack commented on HBASE-20582: I agree w/ [~busbey] Too risky updating libs in hbase-2.0

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-14 Thread Sean Busbey (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16475141#comment-16475141 ] Sean Busbey commented on HBASE-20582: I'm hesitant to update dependency versions in

[jira] [Commented] (HBASE-20582) Bump up the Jackson and Jruby version because of some reported vulnerabilities

2018-05-14 Thread Josh Elser (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-20582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16475008#comment-16475008 ] Josh Elser commented on HBASE-20582: {quote}Tool somehow able to relate the vulnerabi