HADOOP-16905. Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches (#3748)

(cherry picked from commit 69faaa1d58) Conflicts: hadoop-project/pom.xml
2021-12-10 16:24:06 +09:00 · 2021-12-10 16:24:06 +09:00 · bc6874139f
parent 94ca965e21
commit bc6874139f
2 changed files with 9 additions and 2 deletions
--- a/hadoop-client-modules/hadoop-client-runtime/pom.xml
+++ b/hadoop-client-modules/hadoop-client-runtime/pom.xml
@ -334,6 +334,13 @@
                        <exclude>**/pom.xml</exclude>
                      </excludes>
                    </relocation>
+                    <relocation>
+                      <pattern>javax/xml/bind/</pattern>
+                      <shadedPattern>${shaded.dependency.prefix}.javax.xml.bind.</shadedPattern>
+                      <excludes>
+                        <exclude>**/pom.xml</exclude>
+                      </excludes>
+                    </relocation>
                    <relocation>
                      <pattern>net/</pattern>
                      <shadedPattern>${shaded.dependency.prefix}.net.</shadedPattern>
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@ -71,8 +71,8 @@

    <!-- jackson versions -->
    <jackson.version>1.9.13</jackson.version>
-    <jackson2.version>2.9.10</jackson2.version>
-    <jackson2.databind.version>2.9.10.4</jackson2.databind.version>
+    <jackson2.version>2.10.3</jackson2.version>
+    <jackson2.databind.version>2.10.3</jackson2.databind.version>

    <!-- httpcomponents versions -->
    <httpclient.version>4.5.13</httpclient.version>