HDDS-7209. Bump Jersey2 to 2.34 #3745

Merged
adoroszlai merged 1 commit into apache:master from adoroszlai:HDDS-7209
Sep 14, 2022

Conversation

@adoroszlai
Contributor

What changes were proposed in this pull request?

Upgrade Jersey 2.33 to 2.34 due to CVE-2021-28168.

https://issues.apache.org/jira/browse/HDDS-7209

How was this patch tested?

Regular CI:
https://github.com/adoroszlai/hadoop-ozone/actions/runs/3024130363

@adoroszlai adoroszlai self-assigned this Sep 9, 2022
@adoroszlai adoroszlai added the dependencies Pull requests that update a dependency file label Sep 9, 2022
Member

@ayushtkn ayushtkn left a comment

LGTM.
Well, 2.37 is the latest in the 2.x line, but I suppose there would be a reason to bump just to 2.34. Anyway, I find Jersey/Jackson and family quite dangerous; they aren't very backward compatible. I am happy just moving a version up to get rid of the CVE. :-)

@adoroszlai adoroszlai merged commit 15fcb73 into apache:master Sep 14, 2022
@adoroszlai adoroszlai deleted the HDDS-7209 branch September 14, 2022 07:08
@adoroszlai
Contributor Author

Thanks @ayushtkn for the review.
