HADOOP-18468: Upgrade jettison to 1.5.1 to fix CVE-2022-40149 (#4937)

Contributed by PJ Fanning
2022-10-07 15:44:01 +01:00 · 2022-10-07 15:44:01 +01:00 · 5eddec8c46
parent 062c50db6b
commit 5eddec8c46
3 changed files with 14 additions and 3 deletions
--- a/2
+++ b/2
@ -343,7 +343,7 @@ org.apache.kerby:token-provider:2.0.2
 org.apache.solr:solr-solrj:8.8.2
 org.apache.yetus:audience-annotations:0.5.0
 org.apache.zookeeper:zookeeper:3.6.3
-org.codehaus.jettison:jettison:1.1
+org.codehaus.jettison:jettison:1.5.1
 org.eclipse.jetty:jetty-annotations:9.4.48.v20220622
 org.eclipse.jetty:jetty-http:9.4.48.v20220622
 org.eclipse.jetty:jetty-io:9.4.48.v20220622
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@ -1499,7 +1499,7 @@
      <dependency>
        <groupId>org.codehaus.jettison</groupId>
        <artifactId>jettison</artifactId>
-        <version>1.1</version>
+        <version>1.5.1</version>
        <exclusions>
          <exclusion>
            <groupId>stax</groupId>
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesCapacitySched.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesCapacitySched.java
@ -18,6 +18,8 @@

 package org.apache.hadoop.yarn.server.resourcemanager.webapp;

+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.inject.Guice;
 import com.google.inject.servlet.ServletModule;
 import com.sun.jersey.api.client.ClientResponse;
@ -334,7 +336,16 @@ public class TestRMWebServicesCapacitySched extends JerseyTestBase {
    JSONObject json = response.getEntity(JSONObject.class);
    String actual = json.toString(2);
    updateTestDataAutomatically(expectedResourceFilename, actual);
-    assertEquals(getResourceAsString(expectedResourceFilename), actual);
+    assertEquals(
+        prettyPrintJson(getResourceAsString(expectedResourceFilename)),
+        prettyPrintJson(actual));
+  }
+
+  private static String prettyPrintJson(String in) throws JsonProcessingException {
+    ObjectMapper objectMapper = new ObjectMapper();
+    return objectMapper
+        .writerWithDefaultPrettyPrinter()
+        .writeValueAsString(objectMapper.readTree(in));
  }

  public static void assertJsonType(ClientResponse response) {