[
https://issues.apache.org/jira/browse/YARN-11498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17727985#comment-17727985
]
ASF GitHub Bot commented on YARN-11498:
---------------------------------------
tomicooler commented on PR #5623:
URL: https://github.com/apache/hadoop/pull/5623#issuecomment-1570310784
Hi @devaspatikrishnatri ,
you can re-trigger the build by creating an empty commit `git commit
--allow-empty -m "Trigger the jenkins job"` then pushing it to your fork's
branch `git push origin HADOOP-18732`.
I think the reason for this exclusion should be documented in the Jira, as
far as I know the reason being:
```
An older version of Jetty is being pulled in by jersey-json artifact in
hadoop-yarn-common, which contains CVEs.
```
https://mvnrepository.com/artifact/com.sun.jersey/jersey-json/1.19.4
BTW jackson-mapper-asl 1.9.2 has also 2 CVEs
(https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-mapper-asl/1.9.2).
> Exclude Jettison from jersey-json artifact in hadoop-yarn-common's pom.xml
> --------------------------------------------------------------------------
>
> Key: YARN-11498
> URL: https://issues.apache.org/jira/browse/YARN-11498
> Project: Hadoop YARN
> Issue Type: Task
> Components: build
> Reporter: Devaspati Krishnatri
> Priority: Major
> Labels: pull-request-available
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
