Skip to content

Commit 84d092c

Browse files
virajjasaniApache9
virajjasani
authored and
Apache9
committed
HBASE-22863 Cleanup transitive Jackson1 vulnerable dependencies(forward-port HBASE-22728) (#505)
Signed-off-by: Duo Zhang <[email protected]> Signed-off-by: Reid Chan <[email protected]>
1 parent c8bb623 commit 84d092c

File tree

7 files changed

+222
-0
lines changed

7 files changed

+222
-0
lines changed

hbase-mapreduce/pom.xml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -221,6 +221,16 @@
221221
<artifactId>hadoop-mapreduce-client-jobclient</artifactId>
222222
<type>test-jar</type>
223223
<scope>test</scope>
224+
<exclusions>
225+
<exclusion>
226+
<groupId>org.codehaus.jackson</groupId>
227+
<artifactId>jackson-mapper-asl</artifactId>
228+
</exclusion>
229+
<exclusion>
230+
<groupId>org.codehaus.jackson</groupId>
231+
<artifactId>jackson-core-asl</artifactId>
232+
</exclusion>
233+
</exclusions>
224234
</dependency>
225235
<dependency>
226236
<groupId>org.apache.hadoop</groupId>

hbase-server/pom.xml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -333,6 +333,12 @@
333333
<dependency>
334334
<groupId>org.apache.hbase</groupId>
335335
<artifactId>hbase-http</artifactId>
336+
<exclusions>
337+
<exclusion>
338+
<groupId>org.codehaus.jackson</groupId>
339+
<artifactId>jackson-core-asl</artifactId>
340+
</exclusion>
341+
</exclusions>
336342
</dependency>
337343
<dependency>
338344
<groupId>org.apache.hbase</groupId>

hbase-shaded/hbase-shaded-client-byo-hadoop/pom.xml

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -87,6 +87,38 @@
8787
<artifactId>hadoop-common</artifactId>
8888
<scope>provided</scope>
8989
</dependency>
90+
<dependency>
91+
<groupId>org.codehaus.jackson</groupId>
92+
<artifactId>jackson-jaxrs</artifactId>
93+
<version>1.9.13</version>
94+
<scope>provided</scope>
95+
<exclusions>
96+
<exclusion>
97+
<groupId>org.codehaus.jackson</groupId>
98+
<artifactId>jackson-mapper-asl</artifactId>
99+
</exclusion>
100+
<exclusion>
101+
<groupId>org.codehaus.jackson</groupId>
102+
<artifactId>jackson-core-asl</artifactId>
103+
</exclusion>
104+
</exclusions>
105+
</dependency>
106+
<dependency>
107+
<groupId>org.codehaus.jackson</groupId>
108+
<artifactId>jackson-xc</artifactId>
109+
<version>1.9.13</version>
110+
<scope>provided</scope>
111+
<exclusions>
112+
<exclusion>
113+
<groupId>org.codehaus.jackson</groupId>
114+
<artifactId>jackson-mapper-asl</artifactId>
115+
</exclusion>
116+
<exclusion>
117+
<groupId>org.codehaus.jackson</groupId>
118+
<artifactId>jackson-core-asl</artifactId>
119+
</exclusion>
120+
</exclusions>
121+
</dependency>
90122
</dependencies>
91123
</profile>
92124

@@ -113,6 +145,38 @@
113145
<artifactId>hadoop-common</artifactId>
114146
<scope>provided</scope>
115147
</dependency>
148+
<dependency>
149+
<groupId>org.codehaus.jackson</groupId>
150+
<artifactId>jackson-jaxrs</artifactId>
151+
<version>1.9.13</version>
152+
<scope>provided</scope>
153+
<exclusions>
154+
<exclusion>
155+
<groupId>org.codehaus.jackson</groupId>
156+
<artifactId>jackson-mapper-asl</artifactId>
157+
</exclusion>
158+
<exclusion>
159+
<groupId>org.codehaus.jackson</groupId>
160+
<artifactId>jackson-core-asl</artifactId>
161+
</exclusion>
162+
</exclusions>
163+
</dependency>
164+
<dependency>
165+
<groupId>org.codehaus.jackson</groupId>
166+
<artifactId>jackson-xc</artifactId>
167+
<version>1.9.13</version>
168+
<scope>provided</scope>
169+
<exclusions>
170+
<exclusion>
171+
<groupId>org.codehaus.jackson</groupId>
172+
<artifactId>jackson-mapper-asl</artifactId>
173+
</exclusion>
174+
<exclusion>
175+
<groupId>org.codehaus.jackson</groupId>
176+
<artifactId>jackson-core-asl</artifactId>
177+
</exclusion>
178+
</exclusions>
179+
</dependency>
116180
</dependencies>
117181
</profile>
118182
</profiles>

hbase-shaded/hbase-shaded-mapreduce/pom.xml

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -265,6 +265,38 @@
265265
</exclusion>
266266
</exclusions>
267267
</dependency>
268+
<dependency>
269+
<groupId>org.codehaus.jackson</groupId>
270+
<artifactId>jackson-jaxrs</artifactId>
271+
<version>1.9.13</version>
272+
<scope>provided</scope>
273+
<exclusions>
274+
<exclusion>
275+
<groupId>org.codehaus.jackson</groupId>
276+
<artifactId>jackson-mapper-asl</artifactId>
277+
</exclusion>
278+
<exclusion>
279+
<groupId>org.codehaus.jackson</groupId>
280+
<artifactId>jackson-core-asl</artifactId>
281+
</exclusion>
282+
</exclusions>
283+
</dependency>
284+
<dependency>
285+
<groupId>org.codehaus.jackson</groupId>
286+
<artifactId>jackson-xc</artifactId>
287+
<version>1.9.13</version>
288+
<scope>provided</scope>
289+
<exclusions>
290+
<exclusion>
291+
<groupId>org.codehaus.jackson</groupId>
292+
<artifactId>jackson-mapper-asl</artifactId>
293+
</exclusion>
294+
<exclusion>
295+
<groupId>org.codehaus.jackson</groupId>
296+
<artifactId>jackson-core-asl</artifactId>
297+
</exclusion>
298+
</exclusions>
299+
</dependency>
268300
<dependency>
269301
<groupId>org.apache.hadoop</groupId>
270302
<artifactId>hadoop-auth</artifactId>
@@ -315,6 +347,38 @@
315347
</exclusion>
316348
</exclusions>
317349
</dependency>
350+
<dependency>
351+
<groupId>org.codehaus.jackson</groupId>
352+
<artifactId>jackson-jaxrs</artifactId>
353+
<version>1.9.13</version>
354+
<scope>provided</scope>
355+
<exclusions>
356+
<exclusion>
357+
<groupId>org.codehaus.jackson</groupId>
358+
<artifactId>jackson-mapper-asl</artifactId>
359+
</exclusion>
360+
<exclusion>
361+
<groupId>org.codehaus.jackson</groupId>
362+
<artifactId>jackson-core-asl</artifactId>
363+
</exclusion>
364+
</exclusions>
365+
</dependency>
366+
<dependency>
367+
<groupId>org.codehaus.jackson</groupId>
368+
<artifactId>jackson-xc</artifactId>
369+
<version>1.9.13</version>
370+
<scope>provided</scope>
371+
<exclusions>
372+
<exclusion>
373+
<groupId>org.codehaus.jackson</groupId>
374+
<artifactId>jackson-mapper-asl</artifactId>
375+
</exclusion>
376+
<exclusion>
377+
<groupId>org.codehaus.jackson</groupId>
378+
<artifactId>jackson-core-asl</artifactId>
379+
</exclusion>
380+
</exclusions>
381+
</dependency>
318382
</dependencies>
319383
</profile>
320384
</profiles>

hbase-shaded/hbase-shaded-testing-util-tester/pom.xml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,12 @@
5757
<version>${project.version}</version>
5858
<scope>test</scope>
5959
</dependency>
60+
<dependency>
61+
<groupId>org.codehaus.jackson</groupId>
62+
<artifactId>jackson-mapper-asl</artifactId>
63+
<version>1.9.13</version>
64+
<scope>test</scope>
65+
</dependency>
6066
</dependencies>
6167

6268
</project>

hbase-shaded/hbase-shaded-testing-util/pom.xml

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,22 @@
4545
<groupId>javax.servlet.jsp</groupId>
4646
<artifactId>jsp-api</artifactId>
4747
</exclusion>
48+
<exclusion>
49+
<groupId>org.codehaus.jackson</groupId>
50+
<artifactId>jackson-mapper-asl</artifactId>
51+
</exclusion>
52+
<exclusion>
53+
<groupId>org.codehaus.jackson</groupId>
54+
<artifactId>jackson-core-asl</artifactId>
55+
</exclusion>
56+
<exclusion>
57+
<groupId>org.codehaus.jackson</groupId>
58+
<artifactId>jackson-jaxrs</artifactId>
59+
</exclusion>
60+
<exclusion>
61+
<groupId>org.codehaus.jackson</groupId>
62+
<artifactId>jackson-xc</artifactId>
63+
</exclusion>
4864
</exclusions>
4965
</dependency>
5066
<dependency>
@@ -59,6 +75,24 @@
5975
<version>${hadoop.version}</version>
6076
<type>test-jar</type>
6177
<scope>compile</scope>
78+
<exclusions>
79+
<exclusion>
80+
<groupId>org.codehaus.jackson</groupId>
81+
<artifactId>jackson-mapper-asl</artifactId>
82+
</exclusion>
83+
<exclusion>
84+
<groupId>org.codehaus.jackson</groupId>
85+
<artifactId>jackson-core-asl</artifactId>
86+
</exclusion>
87+
<exclusion>
88+
<groupId>org.codehaus.jackson</groupId>
89+
<artifactId>jackson-jaxrs</artifactId>
90+
</exclusion>
91+
<exclusion>
92+
<groupId>org.codehaus.jackson</groupId>
93+
<artifactId>jackson-xc</artifactId>
94+
</exclusion>
95+
</exclusions>
6296
</dependency>
6397
<dependency>
6498
<groupId>org.apache.hadoop</groupId>
@@ -97,6 +131,12 @@
97131
<type>test-jar</type>
98132
<scope>compile</scope>
99133
</dependency>
134+
<dependency>
135+
<groupId>org.codehaus.jackson</groupId>
136+
<artifactId>jackson-mapper-asl</artifactId>
137+
<version>1.9.13</version>
138+
<scope>test</scope>
139+
</dependency>
100140

101141
<dependency>
102142
<groupId>org.apache.hbase</groupId>

pom.xml

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2418,6 +2418,14 @@
24182418
<groupId>com.sun.jersey</groupId>
24192419
<artifactId>jersey-core</artifactId>
24202420
</exclusion>
2421+
<exclusion>
2422+
<groupId>org.codehaus.jackson</groupId>
2423+
<artifactId>jackson-jaxrs</artifactId>
2424+
</exclusion>
2425+
<exclusion>
2426+
<groupId>org.codehaus.jackson</groupId>
2427+
<artifactId>jackson-xc</artifactId>
2428+
</exclusion>
24212429
<exclusion>
24222430
<groupId>io.netty</groupId>
24232431
<artifactId>netty</artifactId>
@@ -2592,6 +2600,14 @@
25922600
<groupId>com.sun.jersey</groupId>
25932601
<artifactId>jersey-core</artifactId>
25942602
</exclusion>
2603+
<exclusion>
2604+
<groupId>org.codehaus.jackson</groupId>
2605+
<artifactId>jackson-jaxrs</artifactId>
2606+
</exclusion>
2607+
<exclusion>
2608+
<groupId>org.codehaus.jackson</groupId>
2609+
<artifactId>jackson-xc</artifactId>
2610+
</exclusion>
25952611
<exclusion>
25962612
<groupId>commons-beanutils</groupId>
25972613
<artifactId>commons-beanutils</artifactId>
@@ -2645,6 +2661,14 @@
26452661
<groupId>com.google.code.findbugs</groupId>
26462662
<artifactId>jsr305</artifactId>
26472663
</exclusion>
2664+
<exclusion>
2665+
<groupId>org.codehaus.jackson</groupId>
2666+
<artifactId>jackson-jaxrs</artifactId>
2667+
</exclusion>
2668+
<exclusion>
2669+
<groupId>org.codehaus.jackson</groupId>
2670+
<artifactId>jackson-xc</artifactId>
2671+
</exclusion>
26482672
</exclusions>
26492673
</dependency>
26502674
<dependency>
@@ -2747,6 +2771,14 @@
27472771
<groupId>com.sun.jersey</groupId>
27482772
<artifactId>jersey-core</artifactId>
27492773
</exclusion>
2774+
<exclusion>
2775+
<groupId>org.codehaus.jackson</groupId>
2776+
<artifactId>jackson-jaxrs</artifactId>
2777+
</exclusion>
2778+
<exclusion>
2779+
<groupId>org.codehaus.jackson</groupId>
2780+
<artifactId>jackson-xc</artifactId>
2781+
</exclusion>
27502782
<exclusion>
27512783
<groupId>io.netty</groupId>
27522784
<artifactId>netty</artifactId>

0 commit comments

Comments
 (0)