@apurtell
Contributor

Jettison versions <= 1.5.0 are subject to CVE-2022-40149 and CVE-2022-40150.

Move jettison.version to 1.5.1.

@apurtell apurtell requested review from Apache9 and ndimiduk October 11, 2022 00:49
@apurtell
Contributor Author

Checked before push with tests in hbase-rest. All passed.

@Apache-HBase

🎊 +1 overall

Vote Subsystem Runtime Comment
+0 🆗 reexec 0m 40s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
_ master Compile Tests _
+1 💚 mvninstall 2m 30s master passed
+1 💚 compile 6m 14s master passed
+1 💚 spotless 0m 39s branch has no errors when running spotless:check.
_ Patch Compile Tests _
+1 💚 mvninstall 2m 6s the patch passed
+1 💚 compile 6m 14s the patch passed
+1 💚 javac 6m 14s the patch passed
+1 💚 whitespace 0m 0s The patch has no whitespace issues.
+1 💚 xml 0m 0s The patch has no ill-formed XML file.
+1 💚 hadoopcheck 8m 23s Patch does not cause any errors with Hadoop 3.2.4 3.3.4.
+1 💚 spotless 0m 37s patch has no errors when running spotless:check.
_ Other Tests _
+1 💚 asflicense 0m 11s The patch does not generate ASF License warnings.
32m 41s
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4822/1/artifact/yetus-general-check/output/Dockerfile
GITHUB PR #4822
Optional Tests dupname asflicense javac hadoopcheck spotless xml compile
uname Linux 9f9094cb2a8c 5.4.0-1081-aws #88~18.04.1-Ubuntu SMP Thu Jun 23 16:29:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision master / 8d2efc8
Default Java Temurin-1.8.0_345-b01
Max. process+thread count 139 (vs. ulimit of 30000)
modules C: . U: .
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4822/1/console
versions git=2.17.1 maven=3.6.3
Powered by Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

@Apache9
Contributor

Apache9 commented Oct 11, 2022

The jettison dependency is introduced by hadoop. I'm not sure whether upgrading jettison directly will break hadoop.

There is a related issue in hadoop to fix jettison.

https://issues.apache.org/jira/browse/HADOOP-18468

Let's check the PR there first to see if there are any breaking changes.

Contributor

@Apache9 Apache9 left a comment

Seems the PR on the hadoop side is also just a version upgrade; the only code change is for the trunk branch and in test code.

+1

@Apache-HBase

🎊 +1 overall

Vote Subsystem Runtime Comment
+0 🆗 reexec 1m 3s Docker mode activated.
-0 ⚠️ yetus 0m 2s Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
_ Prechecks _
_ master Compile Tests _
+1 💚 mvninstall 2m 48s master passed
+1 💚 compile 1m 53s master passed
+1 💚 shadedjars 3m 48s branch has no errors when building our shaded downstream artifacts.
+1 💚 javadoc 1m 58s master passed
_ Patch Compile Tests _
+1 💚 mvninstall 2m 34s the patch passed
+1 💚 compile 1m 53s the patch passed
+1 💚 javac 1m 53s the patch passed
+1 💚 shadedjars 3m 50s patch has no errors when building our shaded downstream artifacts.
+1 💚 javadoc 1m 56s the patch passed
_ Other Tests _
+1 💚 unit 272m 48s root in the patch passed.
297m 17s
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4822/1/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile
GITHUB PR #4822
Optional Tests javac javadoc unit shadedjars compile
uname Linux 6bb20269c2ae 5.4.0-124-generic #140-Ubuntu SMP Thu Aug 4 02:23:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision master / 8d2efc8
Default Java Eclipse Adoptium-11.0.16.1+1
Test Results https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4822/1/testReport/
Max. process+thread count 4743 (vs. ulimit of 30000)
modules C: . U: .
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4822/1/console
versions git=2.17.1 maven=3.6.3
Powered by Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

@Apache-HBase

💔 -1 overall

Vote Subsystem Runtime Comment
+0 🆗 reexec 1m 29s Docker mode activated.
-0 ⚠️ yetus 0m 2s Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
_ Prechecks _
_ master Compile Tests _
+1 💚 mvninstall 3m 4s master passed
+1 💚 compile 1m 52s master passed
+1 💚 shadedjars 5m 54s branch has no errors when building our shaded downstream artifacts.
+1 💚 javadoc 3m 13s master passed
_ Patch Compile Tests _
+1 💚 mvninstall 3m 51s the patch passed
+1 💚 compile 2m 23s the patch passed
+1 💚 javac 2m 23s the patch passed
+1 💚 shadedjars 4m 50s patch has no errors when building our shaded downstream artifacts.
+1 💚 javadoc 1m 44s the patch passed
_ Other Tests _
-1 ❌ unit 410m 41s root in the patch failed.
441m 19s
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4822/1/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile
GITHUB PR #4822
Optional Tests javac javadoc unit shadedjars compile
uname Linux b193595b5fae 5.4.0-122-generic #138-Ubuntu SMP Wed Jun 22 15:00:31 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision master / 8d2efc8
Default Java Temurin-1.8.0_345-b01
unit https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4822/1/artifact/yetus-jdk8-hadoop3-check/output/patch-unit-root.txt
Test Results https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4822/1/testReport/
Max. process+thread count 2341 (vs. ulimit of 30000)
modules C: . U: .
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4822/1/console
versions git=2.17.1 maven=3.6.3
Powered by Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

@apurtell apurtell merged commit f47a52b into apache:master Oct 11, 2022
@apurtell apurtell deleted the HBASE-27424 branch October 11, 2022 17:11
asfgit pushed a commit that referenced this pull request Oct 11, 2022
Jettison versions <= 1.5.0 are subject to CVE-2022-40149 and CVE-2022-40150.

Move jettison.version to 1.5.1.

Signed-off-by: Duo Zhang <[email protected]>
asfgit pushed a commit that referenced this pull request Oct 11, 2022
Jettison versions <= 1.5.0 are subject to CVE-2022-40149 and CVE-2022-40150.

Move jettison.version to 1.5.1.

Signed-off-by: Duo Zhang <[email protected]>
asfgit pushed a commit that referenced this pull request Oct 11, 2022
Jettison versions <= 1.5.0 are subject to CVE-2022-40149 and CVE-2022-40150.

Move jettison.version to 1.5.1.

Signed-off-by: Duo Zhang <[email protected]>