From e1a610b47c5c68eb42d79ce48a3b8b6d7fbca037 Mon Sep 17 00:00:00 2001 From: Nihal Jain Date: Mon, 4 Nov 2024 11:10:44 +0530 Subject: [PATCH] HBASE-28943 Remove all jackson 1.x dependencies for hadoop-3 profile, since all jackson 1.x versions have vulnerabilities (#6405) (#6413) - Building hbase with hadoop-3 profile on branch-2, still requires jackson 1.x jars, which has vulnerabilities. Ideally these should not be needed as with HADOOP-13332 hadoop has already "Remove jackson 1.9.13 and switch all jackson code to 2.x code line" for branch-3. - Also in HBASE-27148, where we worked on "Move minimum hadoop 3 support version to 3.2.3", where we had done a similar cleanup for branch-3; but somehow we missed to port the relevant changes to the branch-2 backport of same jira. This task is to take care of this so that we do not need jackson 1.x to build/run hbase with hadoop-3 profile on branch-2.x. Signed-off-by: Duo Zhang Signed-off-by: Nick Dimiduk (cherry picked from commit 41621f02759412ec47cff800c54a2452257248c3) --- .../hbase-shaded-client-byo-hadoop/pom.xml | 32 ------------------- hbase-shaded/hbase-shaded-mapreduce/pom.xml | 32 ------------------- .../hbase-shaded-testing-util-tester/pom.xml | 26 +++++++++++---- .../hbase-shaded-testing-util/pom.xml | 12 +++---- 4 files changed, 26 insertions(+), 76 deletions(-) diff --git a/hbase-shaded/hbase-shaded-client-byo-hadoop/pom.xml b/hbase-shaded/hbase-shaded-client-byo-hadoop/pom.xml index f636485d25d2..1e6a3eb4e649 100644 --- a/hbase-shaded/hbase-shaded-client-byo-hadoop/pom.xml +++ b/hbase-shaded/hbase-shaded-client-byo-hadoop/pom.xml @@ -140,38 +140,6 @@ hadoop-common provided - - org.codehaus.jackson - jackson-jaxrs - 1.9.13 - provided - - - org.codehaus.jackson - jackson-mapper-asl - - - org.codehaus.jackson - jackson-core-asl - - - - - org.codehaus.jackson - jackson-xc - 1.9.13 - provided - - - org.codehaus.jackson - jackson-mapper-asl - - - org.codehaus.jackson - jackson-core-asl - - - diff --git a/hbase-shaded/hbase-shaded-mapreduce/pom.xml b/hbase-shaded/hbase-shaded-mapreduce/pom.xml index 1b590f0d0421..02a63ecd30e8 100644 --- a/hbase-shaded/hbase-shaded-mapreduce/pom.xml +++ b/hbase-shaded/hbase-shaded-mapreduce/pom.xml @@ -359,38 +359,6 @@ - - org.codehaus.jackson - jackson-jaxrs - 1.9.13 - provided - - - org.codehaus.jackson - jackson-mapper-asl - - - org.codehaus.jackson - jackson-core-asl - - - - - org.codehaus.jackson - jackson-xc - 1.9.13 - provided - - - org.codehaus.jackson - jackson-mapper-asl - - - org.codehaus.jackson - jackson-core-asl - - - diff --git a/hbase-shaded/hbase-shaded-testing-util-tester/pom.xml b/hbase-shaded/hbase-shaded-testing-util-tester/pom.xml index 3ca535f59424..9c870afde1f6 100644 --- a/hbase-shaded/hbase-shaded-testing-util-tester/pom.xml +++ b/hbase-shaded/hbase-shaded-testing-util-tester/pom.xml @@ -83,12 +83,26 @@ hbase-shaded-testing-util test - - org.codehaus.jackson - jackson-mapper-asl - 1.9.13 - test - + + + hadoop-2.0 + + + + + !hadoop.profile + + + + + org.codehaus.jackson + jackson-mapper-asl + 1.9.13 + test + + + + diff --git a/hbase-shaded/hbase-shaded-testing-util/pom.xml b/hbase-shaded/hbase-shaded-testing-util/pom.xml index 3a42981c369b..b3181e6f5202 100644 --- a/hbase-shaded/hbase-shaded-testing-util/pom.xml +++ b/hbase-shaded/hbase-shaded-testing-util/pom.xml @@ -74,12 +74,6 @@ test-jar compile - - org.codehaus.jackson - jackson-jaxrs - 1.9.13 - compile - org.apache.hbase hbase-testing-util @@ -186,6 +180,12 @@ test-jar compile + + org.codehaus.jackson + jackson-jaxrs + 1.9.13 + compile +