Jackson version updation

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Jackson version updation

Pavithra R

In spark master branch, the version of Jackson jars have been upgraded to 2.9.9

https://github.com/apache/spark/commit/bd8732300385ad99d2cec3a4af49953d8925eaf6

 

[SPARK-27757][CORE] Bump Jackson to 2.9.9 –

 

This has been done to address CVE-2019-12086.

 

Could you confirm why Jackson jars are not upgraded in older branches like 2.3 etc?

 

Thanks,

Pavithra R

 

Huawei Technologies India Pvt. Ltd.

Survey No. 37, Next to EPIP Area, Kundalahalli, Whitefield

Bengaluru-560066, Karnataka

Tel: + 91-80-49160700 Ext 72060II Mob: 9790706742 Email: [hidden email] 

Company_logo


 

This e-mail and its attachments contain confidential information from HUAWEI, which
is intended only for the person or entity whose address is listed above. Any use of the
information contained herein in any way (including, but not limited to, total or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!

 

 

Reply | Threaded
Open this post in threaded view
|

Re: Jackson version updation

Sean Owen-2
https://github.com/apache/spark/blob/branch-2.4/pom.xml#L161
Correct, because it would introduce behavior changes.

On Fri, Jun 28, 2019 at 3:54 AM Pavithra R <[hidden email]> wrote:

In spark master branch, the version of Jackson jars have been upgraded to 2.9.9

https://github.com/apache/spark/commit/bd8732300385ad99d2cec3a4af49953d8925eaf6

 

[SPARK-27757][CORE] Bump Jackson to 2.9.9 –

 

This has been done to address CVE-2019-12086.

 

Could you confirm why Jackson jars are not upgraded in older branches like 2.3 etc?

 

Thanks,

Pavithra R

 

Huawei Technologies India Pvt. Ltd.

Survey No. 37, Next to EPIP Area, Kundalahalli, Whitefield

Bengaluru-560066, Karnataka

Tel: + 91-80-49160700 Ext 72060II Mob: 9790706742 Email: [hidden email] 

Company_logo


 

This e-mail and its attachments contain confidential information from HUAWEI, which
is intended only for the person or entity whose address is listed above. Any use of the
information contained herein in any way (including, but not limited to, total or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!

 

 

Reply | Threaded
Open this post in threaded view
|

Re: Jackson version updation

Driesprong, Fokko
The PR of bumping Jackson to 2.9.6 gives some examples of the behavioral changes that Sean is referring to: https://github.com/apache/spark/pull/21596

Cheers,
Fokko Driesprong

Op vr 28 jun. 2019 om 14:13 schreef Sean Owen <[hidden email]>:
https://github.com/apache/spark/blob/branch-2.4/pom.xml#L161
Correct, because it would introduce behavior changes.

On Fri, Jun 28, 2019 at 3:54 AM Pavithra R <[hidden email]> wrote:

In spark master branch, the version of Jackson jars have been upgraded to 2.9.9

https://github.com/apache/spark/commit/bd8732300385ad99d2cec3a4af49953d8925eaf6

 

[SPARK-27757][CORE] Bump Jackson to 2.9.9 –

 

This has been done to address CVE-2019-12086.

 

Could you confirm why Jackson jars are not upgraded in older branches like 2.3 etc?

 

Thanks,

Pavithra R

 

Huawei Technologies India Pvt. Ltd.

Survey No. 37, Next to EPIP Area, Kundalahalli, Whitefield

Bengaluru-560066, Karnataka

Tel: + 91-80-49160700 Ext 72060II Mob: 9790706742 Email: [hidden email] 

Company_logo


 

This e-mail and its attachments contain confidential information from HUAWEI, which
is intended only for the person or entity whose address is listed above. Any use of the
information contained herein in any way (including, but not limited to, total or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!