HIVE-28073: Upgrade jackson version to 2.16.1 #5081

Merged (1 commit) on Mar 3, 2024

armitage420
Contributor

@armitage420 armitage420 commented Feb 12, 2024

What changes were proposed in this pull request?

Bump jackson from 2.13.5 to 2.16.1

Why are the changes needed?

Jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies.
https://nvd.nist.gov/vuln/detail/CVE-2023-35116
FasterXML/jackson-databind#3972

Does this PR introduce any user-facing change?

No

Is the change a dependency upgrade?

Yes
jacksonTree.txt

How was this patch tested?

Manually
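
One way to check a Maven dependency tree (such as the attached jacksonTree.txt) for jackson-databind versions still in the range the description names, "through 2.15.2". This is an added example, not part of the pull request or of Hive; the sample tree is constructed and the function names are hypothetical.

```python
import re

# Last affected release per the PR description: jackson-databind "through 2.15.2".
LAST_AFFECTED = (2, 15, 2)

# Leading "[INFO]" tag and tree-drawing characters of `mvn dependency:tree` output.
TREE_PREFIX = re.compile(r"^(\[INFO\]\s*)?[|+\\\-\s]*")


def parse_coordinate(line):
    """Return (group, artifact, version) for a tree line, or None if it is not one."""
    parts = TREE_PREFIX.sub("", line.strip()).split(":")
    if len(parts) < 4:
        return None
    # group:artifact:type:version[:scope], or with a classifier before the version.
    version = parts[4] if len(parts) == 6 else parts[3]
    return parts[0], parts[1], version


def version_tuple(version):
    """Numeric prefix of a version string, e.g. '2.13.4.2' -> (2, 13, 4, 2)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(p) for p in m.group().split(".")) if m else None


def affected_databind(tree_text):
    """Sorted jackson-databind versions in the tree that are <= LAST_AFFECTED."""
    hits = set()
    for line in tree_text.splitlines():
        coord = parse_coordinate(line)
        if coord is None or coord[:2] != ("com.fasterxml.jackson.core", "jackson-databind"):
            continue
        vt = version_tuple(coord[2])
        if vt is not None and vt <= LAST_AFFECTED:
            hits.add(coord[2])
    return sorted(hits)


# Constructed sample (not the PR's attachment): two modules resolving different versions.
SAMPLE_TREE = r"""
[INFO] org.example:demo-app:jar:1.0-SNAPSHOT
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.13.5:compile
[INFO] |  \- com.fasterxml.jackson.core:jackson-core:jar:2.13.5:compile
[INFO] org.example:demo-tools:jar:1.0-SNAPSHOT
[INFO] \- com.fasterxml.jackson.core:jackson-databind:jar:2.16.1:runtime
"""

if __name__ == "__main__":
    print("jackson-databind versions still in the affected range:", affected_databind(SAMPLE_TREE))
```
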

sonarcloud bot commented Feb 21, 2024

Quality Gate passed

Issues
3 New issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

Member

@ayushtkn ayushtkn left a comment

LGTM

@ayushtkn
Member

FYI: will hold merging for a couple of days till the 4.0 branch is rebased, to avoid any last-minute surprises in the release. Should be done by this week.

@ayushtkn ayushtkn merged commit a4d4b9b into apache:master Mar 3, 2024
5 checks passed
deniskuzZ pushed a commit that referenced this pull request Mar 5, 2024
dengzhhu653 pushed a commit to dengzhhu653/hive that referenced this pull request Mar 7, 2024