Skip to content

Commit 538088f

Browse files
virajjasaniApache9
virajjasani
authored and
Apache9
committed
HBASE-22863 Cleanup transitive Jackson1 vulnerable dependencies(forward-port HBASE-22728) (#505)
Signed-off-by: Duo Zhang <zhangduo@apache.org> Signed-off-by: Reid Chan <reidchan@apache.org>
1 parent 0a8e206 commit 538088f

7 files changed

Lines changed: 222 additions & 0 deletions

File tree

hbase-mapreduce/pom.xml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -222,6 +222,16 @@
222222
<artifactId>hadoop-mapreduce-client-jobclient</artifactId>
223223
<type>test-jar</type>
224224
<scope>test</scope>
225+
<exclusions>
226+
<exclusion>
227+
<groupId>org.codehaus.jackson</groupId>
228+
<artifactId>jackson-mapper-asl</artifactId>
229+
</exclusion>
230+
<exclusion>
231+
<groupId>org.codehaus.jackson</groupId>
232+
<artifactId>jackson-core-asl</artifactId>
233+
</exclusion>
234+
</exclusions>
225235
</dependency>
226236
<dependency>
227237
<groupId>org.apache.hadoop</groupId>

hbase-server/pom.xml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -334,6 +334,12 @@
334334
<dependency>
335335
<groupId>org.apache.hbase</groupId>
336336
<artifactId>hbase-http</artifactId>
337+
<exclusions>
338+
<exclusion>
339+
<groupId>org.codehaus.jackson</groupId>
340+
<artifactId>jackson-core-asl</artifactId>
341+
</exclusion>
342+
</exclusions>
337343
</dependency>
338344
<dependency>
339345
<groupId>org.apache.hbase</groupId>

hbase-shaded/hbase-shaded-client-byo-hadoop/pom.xml

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -87,6 +87,38 @@
8787
<artifactId>hadoop-common</artifactId>
8888
<scope>provided</scope>
8989
</dependency>
90+
<dependency>
91+
<groupId>org.codehaus.jackson</groupId>
92+
<artifactId>jackson-jaxrs</artifactId>
93+
<version>1.9.13</version>
94+
<scope>provided</scope>
95+
<exclusions>
96+
<exclusion>
97+
<groupId>org.codehaus.jackson</groupId>
98+
<artifactId>jackson-mapper-asl</artifactId>
99+
</exclusion>
100+
<exclusion>
101+
<groupId>org.codehaus.jackson</groupId>
102+
<artifactId>jackson-core-asl</artifactId>
103+
</exclusion>
104+
</exclusions>
105+
</dependency>
106+
<dependency>
107+
<groupId>org.codehaus.jackson</groupId>
108+
<artifactId>jackson-xc</artifactId>
109+
<version>1.9.13</version>
110+
<scope>provided</scope>
111+
<exclusions>
112+
<exclusion>
113+
<groupId>org.codehaus.jackson</groupId>
114+
<artifactId>jackson-mapper-asl</artifactId>
115+
</exclusion>
116+
<exclusion>
117+
<groupId>org.codehaus.jackson</groupId>
118+
<artifactId>jackson-core-asl</artifactId>
119+
</exclusion>
120+
</exclusions>
121+
</dependency>
90122
</dependencies>
91123
</profile>
92124

@@ -113,6 +145,38 @@
113145
<artifactId>hadoop-common</artifactId>
114146
<scope>provided</scope>
115147
</dependency>
148+
<dependency>
149+
<groupId>org.codehaus.jackson</groupId>
150+
<artifactId>jackson-jaxrs</artifactId>
151+
<version>1.9.13</version>
152+
<scope>provided</scope>
153+
<exclusions>
154+
<exclusion>
155+
<groupId>org.codehaus.jackson</groupId>
156+
<artifactId>jackson-mapper-asl</artifactId>
157+
</exclusion>
158+
<exclusion>
159+
<groupId>org.codehaus.jackson</groupId>
160+
<artifactId>jackson-core-asl</artifactId>
161+
</exclusion>
162+
</exclusions>
163+
</dependency>
164+
<dependency>
165+
<groupId>org.codehaus.jackson</groupId>
166+
<artifactId>jackson-xc</artifactId>
167+
<version>1.9.13</version>
168+
<scope>provided</scope>
169+
<exclusions>
170+
<exclusion>
171+
<groupId>org.codehaus.jackson</groupId>
172+
<artifactId>jackson-mapper-asl</artifactId>
173+
</exclusion>
174+
<exclusion>
175+
<groupId>org.codehaus.jackson</groupId>
176+
<artifactId>jackson-core-asl</artifactId>
177+
</exclusion>
178+
</exclusions>
179+
</dependency>
116180
</dependencies>
117181
</profile>
118182
</profiles>

hbase-shaded/hbase-shaded-mapreduce/pom.xml

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -269,6 +269,38 @@
269269
</exclusion>
270270
</exclusions>
271271
</dependency>
272+
<dependency>
273+
<groupId>org.codehaus.jackson</groupId>
274+
<artifactId>jackson-jaxrs</artifactId>
275+
<version>1.9.13</version>
276+
<scope>provided</scope>
277+
<exclusions>
278+
<exclusion>
279+
<groupId>org.codehaus.jackson</groupId>
280+
<artifactId>jackson-mapper-asl</artifactId>
281+
</exclusion>
282+
<exclusion>
283+
<groupId>org.codehaus.jackson</groupId>
284+
<artifactId>jackson-core-asl</artifactId>
285+
</exclusion>
286+
</exclusions>
287+
</dependency>
288+
<dependency>
289+
<groupId>org.codehaus.jackson</groupId>
290+
<artifactId>jackson-xc</artifactId>
291+
<version>1.9.13</version>
292+
<scope>provided</scope>
293+
<exclusions>
294+
<exclusion>
295+
<groupId>org.codehaus.jackson</groupId>
296+
<artifactId>jackson-mapper-asl</artifactId>
297+
</exclusion>
298+
<exclusion>
299+
<groupId>org.codehaus.jackson</groupId>
300+
<artifactId>jackson-core-asl</artifactId>
301+
</exclusion>
302+
</exclusions>
303+
</dependency>
272304
<dependency>
273305
<groupId>org.apache.hadoop</groupId>
274306
<artifactId>hadoop-auth</artifactId>
@@ -319,6 +351,38 @@
319351
</exclusion>
320352
</exclusions>
321353
</dependency>
354+
<dependency>
355+
<groupId>org.codehaus.jackson</groupId>
356+
<artifactId>jackson-jaxrs</artifactId>
357+
<version>1.9.13</version>
358+
<scope>provided</scope>
359+
<exclusions>
360+
<exclusion>
361+
<groupId>org.codehaus.jackson</groupId>
362+
<artifactId>jackson-mapper-asl</artifactId>
363+
</exclusion>
364+
<exclusion>
365+
<groupId>org.codehaus.jackson</groupId>
366+
<artifactId>jackson-core-asl</artifactId>
367+
</exclusion>
368+
</exclusions>
369+
</dependency>
370+
<dependency>
371+
<groupId>org.codehaus.jackson</groupId>
372+
<artifactId>jackson-xc</artifactId>
373+
<version>1.9.13</version>
374+
<scope>provided</scope>
375+
<exclusions>
376+
<exclusion>
377+
<groupId>org.codehaus.jackson</groupId>
378+
<artifactId>jackson-mapper-asl</artifactId>
379+
</exclusion>
380+
<exclusion>
381+
<groupId>org.codehaus.jackson</groupId>
382+
<artifactId>jackson-core-asl</artifactId>
383+
</exclusion>
384+
</exclusions>
385+
</dependency>
322386
</dependencies>
323387
</profile>
324388
</profiles>

hbase-shaded/hbase-shaded-testing-util-tester/pom.xml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,12 @@
5757
<version>${project.version}</version>
5858
<scope>test</scope>
5959
</dependency>
60+
<dependency>
61+
<groupId>org.codehaus.jackson</groupId>
62+
<artifactId>jackson-mapper-asl</artifactId>
63+
<version>1.9.13</version>
64+
<scope>test</scope>
65+
</dependency>
6066
</dependencies>
6167

6268
</project>

hbase-shaded/hbase-shaded-testing-util/pom.xml

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,22 @@
4545
<groupId>javax.servlet.jsp</groupId>
4646
<artifactId>jsp-api</artifactId>
4747
</exclusion>
48+
<exclusion>
49+
<groupId>org.codehaus.jackson</groupId>
50+
<artifactId>jackson-mapper-asl</artifactId>
51+
</exclusion>
52+
<exclusion>
53+
<groupId>org.codehaus.jackson</groupId>
54+
<artifactId>jackson-core-asl</artifactId>
55+
</exclusion>
56+
<exclusion>
57+
<groupId>org.codehaus.jackson</groupId>
58+
<artifactId>jackson-jaxrs</artifactId>
59+
</exclusion>
60+
<exclusion>
61+
<groupId>org.codehaus.jackson</groupId>
62+
<artifactId>jackson-xc</artifactId>
63+
</exclusion>
4864
</exclusions>
4965
</dependency>
5066
<dependency>
@@ -59,6 +75,24 @@
5975
<version>${hadoop.version}</version>
6076
<type>test-jar</type>
6177
<scope>compile</scope>
78+
<exclusions>
79+
<exclusion>
80+
<groupId>org.codehaus.jackson</groupId>
81+
<artifactId>jackson-mapper-asl</artifactId>
82+
</exclusion>
83+
<exclusion>
84+
<groupId>org.codehaus.jackson</groupId>
85+
<artifactId>jackson-core-asl</artifactId>
86+
</exclusion>
87+
<exclusion>
88+
<groupId>org.codehaus.jackson</groupId>
89+
<artifactId>jackson-jaxrs</artifactId>
90+
</exclusion>
91+
<exclusion>
92+
<groupId>org.codehaus.jackson</groupId>
93+
<artifactId>jackson-xc</artifactId>
94+
</exclusion>
95+
</exclusions>
6296
</dependency>
6397
<dependency>
6498
<groupId>org.apache.hadoop</groupId>
@@ -97,6 +131,12 @@
97131
<type>test-jar</type>
98132
<scope>compile</scope>
99133
</dependency>
134+
<dependency>
135+
<groupId>org.codehaus.jackson</groupId>
136+
<artifactId>jackson-mapper-asl</artifactId>
137+
<version>1.9.13</version>
138+
<scope>test</scope>
139+
</dependency>
100140

101141
<dependency>
102142
<groupId>org.apache.hbase</groupId>

pom.xml

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2424,6 +2424,14 @@
24242424
<groupId>com.sun.jersey</groupId>
24252425
<artifactId>jersey-core</artifactId>
24262426
</exclusion>
2427+
<exclusion>
2428+
<groupId>org.codehaus.jackson</groupId>
2429+
<artifactId>jackson-jaxrs</artifactId>
2430+
</exclusion>
2431+
<exclusion>
2432+
<groupId>org.codehaus.jackson</groupId>
2433+
<artifactId>jackson-xc</artifactId>
2434+
</exclusion>
24272435
<exclusion>
24282436
<groupId>io.netty</groupId>
24292437
<artifactId>netty</artifactId>
@@ -2588,6 +2596,14 @@
25882596
<groupId>com.sun.jersey</groupId>
25892597
<artifactId>jersey-core</artifactId>
25902598
</exclusion>
2599+
<exclusion>
2600+
<groupId>org.codehaus.jackson</groupId>
2601+
<artifactId>jackson-jaxrs</artifactId>
2602+
</exclusion>
2603+
<exclusion>
2604+
<groupId>org.codehaus.jackson</groupId>
2605+
<artifactId>jackson-xc</artifactId>
2606+
</exclusion>
25912607
<exclusion>
25922608
<groupId>commons-beanutils</groupId>
25932609
<artifactId>commons-beanutils</artifactId>
@@ -2641,6 +2657,14 @@
26412657
<groupId>com.google.code.findbugs</groupId>
26422658
<artifactId>jsr305</artifactId>
26432659
</exclusion>
2660+
<exclusion>
2661+
<groupId>org.codehaus.jackson</groupId>
2662+
<artifactId>jackson-jaxrs</artifactId>
2663+
</exclusion>
2664+
<exclusion>
2665+
<groupId>org.codehaus.jackson</groupId>
2666+
<artifactId>jackson-xc</artifactId>
2667+
</exclusion>
26442668
</exclusions>
26452669
</dependency>
26462670
<dependency>
@@ -2743,6 +2767,14 @@
27432767
<groupId>com.sun.jersey</groupId>
27442768
<artifactId>jersey-core</artifactId>
27452769
</exclusion>
2770+
<exclusion>
2771+
<groupId>org.codehaus.jackson</groupId>
2772+
<artifactId>jackson-jaxrs</artifactId>
2773+
</exclusion>
2774+
<exclusion>
2775+
<groupId>org.codehaus.jackson</groupId>
2776+
<artifactId>jackson-xc</artifactId>
2777+
</exclusion>
27462778
<exclusion>
27472779
<groupId>io.netty</groupId>
27482780
<artifactId>netty</artifactId>

0 commit comments

Comments
 (0)