From common-issues-return-205350-archive-asf-public=cust-asf.ponee.io@hadoop.apache.org Tue Sep 8 18:14:05 2020 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mailroute1-lw-us.apache.org (mailroute1-lw-us.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with ESMTPS id E0175180674 for ; Tue, 8 Sep 2020 20:14:04 +0200 (CEST) Received: from mail.apache.org (localhost [127.0.0.1]) by mailroute1-lw-us.apache.org (ASF Mail Server at mailroute1-lw-us.apache.org) with SMTP id 17654121C74 for ; Tue, 8 Sep 2020 18:14:04 +0000 (UTC) Received: (qmail 8485 invoked by uid 500); 8 Sep 2020 18:14:03 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 8378 invoked by uid 99); 8 Sep 2020 18:14:03 -0000 Received: from mailrelay1-us-west.apache.org (HELO mailrelay1-us-west.apache.org) (209.188.14.139) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Sep 2020 18:14:03 +0000 Received: from jira-he-de.apache.org (static.172.67.40.188.clients.your-server.de [188.40.67.172]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 3671C43E5B for ; Tue, 8 Sep 2020 18:14:02 +0000 (UTC) Received: from jira-he-de.apache.org (localhost.localdomain [127.0.0.1]) by jira-he-de.apache.org (ASF Mail Server at jira-he-de.apache.org) with ESMTP id 6635D78259A for ; Tue, 8 Sep 2020 18:14:00 +0000 (UTC) Date: Tue, 8 Sep 2020 18:14:00 +0000 (UTC) From: "Jonathan Turner Eagles (Jira)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HADOOP-17249) Upgrade jackson-databind to 2.10 on branch-2.10 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-17249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17192372#comment-17192372 ] Jonathan Turner Eagles commented on HADOOP-17249: ------------------------------------------------- Usually with libraries such as jackson, API breaking changes are NOT upgraded within the same hadoop minor version (say 2.10.0 -> 2.10.1). Instead they are upgraded in new hadoop minor version (say 2.11.0). Without shading, this will impact customers, and will make it difficult for downstream products to maintain compatibility. Many of the vulnerabilities that have been found with jackson and others aren't a problem in hadoop as its usage can't be exploited. In this case I would suggest a minor version upgrade that contains the fixes. As to jackson-databind, this version needs to align with jackson library as there are compatibility issues as well. Lastly, when upgrading to an incompatible library please mark the jira as an incompatible change to make sure it gains the proper attention. > Upgrade jackson-databind to 2.10 on branch-2.10 > ----------------------------------------------- > > Key: HADOOP-17249 > URL: https://issues.apache.org/jira/browse/HADOOP-17249 > Project: Hadoop Common > Issue Type: Improvement > Affects Versions: 2.10.0 > Reporter: Masatake Iwasaki > Assignee: Masatake Iwasaki > Priority: Major > Labels: pull-request-available > Time Spent: 20m > Remaining Estimate: 0h > > This is filed to test backporting HADOOP-16905 to branch-2.10. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-issues-help@hadoop.apache.org