Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ZOOKEEPER-3751: upgrade jackson-databind to 2.10 from 2.9 #1341

Closed
wants to merge 1 commit into from
Closed

ZOOKEEPER-3751: upgrade jackson-databind to 2.10 from 2.9 #1341

wants to merge 1 commit into from

Conversation

symat
Copy link
Contributor

@symat symat commented Apr 28, 2020

The original PR (#1283) was only merged to 3.6+ as in 3.5 we also have to change the ant configs. I created a new PR to kick-in the CI also for branch 3.5.

@symat
ZOOKEEPER-3751: upgrade jackson-databind to 2.10 from 2.9
f1c7c29 
The original PR (apache#1283) was only merged to 3.6+, as in 3.5 we also have to change the ant configs.
I created a new PR to kick-in the CI also for branch 3.5.
@symat
Copy link
Contributor Author

symat commented Apr 28, 2020

I executed the admin server related unit tests and also tested manually the admin server with Chrome and with curl. Everything seemed to be fine.

@symat symat requested review from eolivelli and phunt April 28, 2020 14:06
@symat
Copy link
Contributor Author

symat commented Apr 28, 2020

applying this patch on branch-3.5 makes "mvn clean package -DskipTests dependency-check:check" to run successfully

@symat
Copy link
Contributor Author

symat commented Apr 28, 2020

retest ant build

eolivelli
eolivelli approved these changes Apr 28, 2020
View reviewed changes
Copy link
Contributor

@eolivelli eolivelli left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
merging as soon as ANT build is green

@symat
Copy link
Contributor Author

symat commented Apr 28, 2020

retest ant build

ctubbsii
ctubbsii reviewed Apr 28, 2020
View reviewed changes
Copy link
Member

@ctubbsii ctubbsii left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, 2.11.0 was just released.

@symat
Copy link
Contributor Author

symat commented Apr 30, 2020

We only upgrade this to fix some CVEs on branch-3.5. I am not familiar with jackson, but maybe a more mature 2.10.3 is safer in terms of future CVEs than the first 2.11 release would be. But I am happy to do an other upgrade later, if it would be needed.

I'll merge this PR now to branch 3.5.

asfgit pushed a commit that referenced this pull request Apr 30, 2020
@symat
ZOOKEEPER-3751: upgrade jackson-databind to 2.10 from 2.9
c791499 
The original PR (#1283) was only merged to 3.6+ as in 3.5 we also have to change the ant configs. I created a new PR to kick-in the CI also for branch 3.5.

Author: Mate Szalay-Beko <symat@apache.org>

Reviewers: Enrico Olivelli <eolivelli@apache.org>

Closes #1341 from symat/ZOOKEEPER-3751-branch-3.5
@symat symat closed this Apr 30, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ctubbsii ctubbsii ctubbsii left review comments

@eolivelli eolivelli eolivelli approved these changes

@phunt phunt Awaiting requested review from phunt

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@symat @ctubbsii @eolivelli