Update jackson to 2.9.10 #8940
Update jackson to 2.9.10 #8940
Conversation
ccaominh
force-pushed
the
update-jackson
branch
from
b81ad22
to
e37ba12
Compare
Addresses security vulnerabilities: - sonatype-2016-0397: FasterXML/jackson-core#315 - sonatype-2017-0355: FasterXML/jackson-core#322
ccaominh
force-pushed
the
update-jackson
branch
from
e37ba12
to
bbafbf7
Compare
|
Also manually tested using https://druid.apache.org/docs/latest/tutorials/tutorial-batch-hadoop.html |
|
Would you please add a list of tests you have done? |
|
In the test cluster, I ran a kinesis ingestion task to check the updated jackson version compatibility with AWS SDK for Java version 1.x. @jihoonson Are there any additional manual tests that you recommend? |
|
|
||
| // Previously, the implementation of SegmentWithOvershadowedStatus had @JsonCreator/@JsonProperty and @JsonUnwrapped | ||
| // on the same field (dataSegment), which used to work in Jackson 2.6, but does not work with Jackson 2.9: | ||
| // https://github.com/FasterXML/jackson-databind/issues/265#issuecomment-264344051 |
There was a problem hiding this comment.
that's a bummer :(, should we add a TODO note here to undo the workaround once FasterXML/jackson-databind#1467 is fixed or when/if move to Jackson 3.x ?
There was a problem hiding this comment.
Yeah, I can add a TODO. I think it'll work well in the implementation class as a reminder to remove the constructor I added.
|
Did another manual test that's a variant of https://druid.apache.org/docs/latest/tutorials/tutorial-batch-hadoop.html to have the hadoop index task ingest from s3 and then write to s3 via hdfs. |
|
All the hadoop manual tests were done with hadoop 2.8.5. |
Description
Addresses security vulnerabilities:
OutOfMemoryErrorwhen writing BigDecimal FasterXML/jackson-core#315This PR has: