OAK-9947: upgrade jackson (including databind) to 2.13.4 #712

Merged
merged 4 commits into from Sep 21, 2022

@fabriziofortino fabriziofortino commented Sep 20, 2022

The original goal of this task was to upgrade jackson-databind since versions before 2.13.0 are affected by CVE-2020-36518.

After upgrading to 2.13.4 some tests in oak-segment-aws were not working (hung indefinitely). aws-java-sdk-s3 uses a less recent version of jackson and it does not work with the latest (it should be upgraded in a separate PR).

In general, jackson should not be in the parent pom dependencies; otherwise, the libraries with transitive dependencies will be forced to use it (and in some cases, it would not work). The parent pom now contains the jackson.version only. Submodules are required to reference it.

@reschke reschke left a comment

This seems to be inconsistent with how we manage the other dependencies.

If aws-java-sdk-s3 pulls in an incorrect version, we should override that in the project where aws-java-sdk-s3 appears.

@reschke reschke left a comment

LGTM

@fabriziofortino fabriziofortino merged commit d8fa29e into apache:trunk Sep 21, 2022
@fabriziofortino fabriziofortino deleted the OAK-9947 branch September 21, 2022 14:52