Skip to content

HDDS-7209. Bump Jersey2 to 2.34#3745

Merged
adoroszlai merged 1 commit intoapache:masterfrom
adoroszlai:HDDS-7209
Sep 14, 2022
Merged

HDDS-7209. Bump Jersey2 to 2.34#3745
adoroszlai merged 1 commit intoapache:masterfrom
adoroszlai:HDDS-7209

Conversation

@adoroszlai
Copy link
Contributor

@adoroszlai adoroszlai commented Sep 9, 2022

What changes were proposed in this pull request?

Upgrade Jersey 2.33 to 2.34 due to CVE-2021-28168.

https://issues.apache.org/jira/browse/HDDS-7209

How was this patch tested?

Regular CI:
https://github.com/adoroszlai/hadoop-ozone/actions/runs/3024130363

@adoroszlai adoroszlai self-assigned this Sep 9, 2022
@adoroszlai adoroszlai added the dependencies Pull requests that update a dependency file label Sep 9, 2022
ayushtkn
ayushtkn approved these changes Sep 13, 2022
View reviewed changes
Copy link
Member

@ayushtkn ayushtkn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.
Well 2.37 is the latest in 2.x line, but I suppose there would be a reason to bump just to 2.34, and anyway I find Jersey/Jackson and family quite dangerous, they aren't very backward compatible, I am happy just moving a version up to just get rid of the CVE. :-)

@adoroszlai adoroszlai merged commit 15fcb73 into apache:master Sep 14, 2022
@adoroszlai adoroszlai deleted the HDDS-7209 branch September 14, 2022 07:08
@adoroszlai
Copy link
Contributor Author

adoroszlai commented Sep 14, 2022

Thanks @ayushtkn for the review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ayushtkn ayushtkn ayushtkn approved these changes

Assignees

@adoroszlai adoroszlai

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@adoroszlai @ayushtkn

Comments