[ https://issues.apache.org/jira/browse/YARN-11498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17764716#comment-17764716 ]
ASF GitHub Bot commented on YARN-11498: --------------------------------------- pjfanning commented on PR #5786: URL: https://github.com/apache/hadoop/pull/5786#issuecomment-1717752218 @slfan1989 @steveloughran Would it be possible to merge this? If #5623 is useful, it seems that we should be consistent and apply the exclusion everywhere jersey-json is used. > Exclude Jettison from jersey-json artifact in hadoop-yarn-common's pom.xml > -------------------------------------------------------------------------- > > Key: YARN-11498 > URL: https://issues.apache.org/jira/browse/YARN-11498 > Project: Hadoop YARN > Issue Type: Task > Components: build > Reporter: Devaspati Krishnatri > Priority: Major > Labels: pull-request-available > Fix For: 3.4.0 > > > This exclusion is done to reduce CVEs present due to an older version of > Jettison(1.1) being pulled in with jersey-json artifact. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org