HADOOP-16905. Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches. (#1876)

2020-03-06 19:18:01 -08:00 · 2020-03-06 19:18:01 -08:00 · 69faaa1d58
parent 4062217189
commit 69faaa1d58
2 changed files with 9 additions and 2 deletions
--- a/hadoop-client-modules/hadoop-client-runtime/pom.xml
+++ b/hadoop-client-modules/hadoop-client-runtime/pom.xml
@ -339,6 +339,13 @@
                        <exclude>**/pom.xml</exclude>
                      </excludes>
                    </relocation>
+                    <relocation>
+                      <pattern>javax/xml/bind/</pattern>
+                      <shadedPattern>${shaded.dependency.prefix}.javax.xml.bind.</shadedPattern>
+                      <excludes>
+                        <exclude>**/pom.xml</exclude>
+                      </excludes>
+                    </relocation>
                    <relocation>
                      <pattern>net/</pattern>
                      <shadedPattern>${shaded.dependency.prefix}.net.</shadedPattern>
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@ -71,8 +71,8 @@

    <!-- jackson versions -->
    <jackson.version>1.9.13</jackson.version>
-    <jackson2.version>2.9.10</jackson2.version>
-    <jackson2.databind.version>2.9.10.3</jackson2.databind.version>
+    <jackson2.version>2.10.3</jackson2.version>
+    <jackson2.databind.version>2.10.3</jackson2.databind.version>

    <!-- httpcomponents versions -->
    <httpclient.version>4.5.6</httpclient.version>