HBASE-28943 Remove all jackson 1.x dependencies for hadoop-3 profile,… #6405

NihalJain · 2024-10-28T11:11:27Z

… since all jackson 1.x versions have vulnerabilities

Building hbase with hadoop-3 profile on branch-2, still requires jackson 1.x jars, which has vulnerabilities. Ideally these should not be needed as with HADOOP-13332 hadoop has already "Remove jackson 1.9.13 and switch all jackson code to 2.x code line" for branch-3.
Also in HBASE-27148, where we worked on "Move minimum hadoop 3 support version to 3.2.3" we had did a similar cleanup for branch-3 but somehow we missed to port the relevant changes to the branch-2 backport of same jira. This task is to take care of this so that we do not need jackson 1.x to build/run hbase with hadoop-3 profile on branch-2.x.

… since all jackson 1.x versions have vulnerabilities - Building hbase with hadoop-3 profile on branch-2, still requires jackson 1.x jars, which has vulnerabilities. Ideally these should not be needed as with HADOOP-13332 hadoop has already "Remove jackson 1.9.13 and switch all jackson code to 2.x code line" for branch-3. - Also in HBASE-27148, where we worked on "Move minimum hadoop 3 support version to 3.2.3" we had did a similar cleanup for branch-3 but somehow we missed to port the relevant changes to the branch-2 backport of same jira. This task is to take care of this so that we donot need jackson 1.x to build/run hbase with hadoop-3 profile on branch-2.x.

NihalJain · 2024-10-28T11:12:21Z

Changes here are subset of #4561

With this PR dependency:tree does not have jackson 1.x:

hbase %  grep  1.9.13  tree_with_HBASE-28943.txt
hbase %

Before this PR, it was:

hbase %  hbase % grep  1.9.13  tree.txt                 
[INFO] +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-xc:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-xc:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.13:compile
[INFO] |  +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile
[INFO] |  \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:compile
[INFO] |  +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.13:test
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test
[INFO] |  \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test
hbase %

Apache-HBase · 2024-10-28T13:06:32Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 46s		Docker mode activated.
-0 ⚠️	yetus	0m 6s		Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
			_ Prechecks _
			_ branch-2 Compile Tests _
+0 🆗	mvndep	0m 10s		Maven dependency ordering for branch
+1 💚	mvninstall	2m 25s		branch-2 passed
+1 💚	compile	0m 53s		branch-2 passed
+1 💚	javadoc	0m 43s		branch-2 passed
+1 💚	shadedjars	4m 50s		branch has no errors when building our shaded downstream artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 16s		Maven dependency ordering for patch
+1 💚	mvninstall	2m 20s		the patch passed
+1 💚	compile	0m 53s		the patch passed
+1 💚	javac	0m 53s		the patch passed
+1 💚	javadoc	0m 43s		the patch passed
+1 💚	shadedjars	4m 44s		patch has no errors when building our shaded downstream artifacts.
			_ Other Tests _
+1 💚	unit	0m 12s		hbase-shaded-client-byo-hadoop in the patch passed.
+1 💚	unit	0m 15s		hbase-shaded-mapreduce in the patch passed.
+1 💚	unit	0m 16s		hbase-shaded-testing-util in the patch passed.
+1 💚	unit	0m 54s		hbase-shaded-testing-util-tester in the patch passed.
		21m 57s

Subsystem	Report/Notes
Docker	ClientAPI=1.47 ServerAPI=1.47 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6405/1/artifact/yetus-jdk8-hadoop2-check/output/Dockerfile
GITHUB PR	#6405
Optional Tests	javac javadoc unit shadedjars compile
uname	Linux ae7ffb872268 5.4.0-195-generic #215-Ubuntu SMP Fri Aug 2 18:28:05 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	branch-2 / `704c187`
Default Java	Temurin-1.8.0_412-b08
Test Results	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6405/1/testReport/
Max. process+thread count	408 (vs. ulimit of 30000)
modules	C: hbase-shaded/hbase-shaded-client-byo-hadoop hbase-shaded/hbase-shaded-mapreduce hbase-shaded/hbase-shaded-testing-util hbase-shaded/hbase-shaded-testing-util-tester U: hbase-shaded
Console output	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6405/1/console
versions	git=2.34.1 maven=3.9.8
Powered by	Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

Apache-HBase · 2024-10-28T13:21:33Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	1m 0s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
			_ branch-2 Compile Tests _
+0 🆗	mvndep	0m 18s		Maven dependency ordering for branch
+1 💚	mvninstall	4m 9s		branch-2 passed
+1 💚	compile	1m 11s		branch-2 passed
+1 💚	spotless	1m 1s		branch has no errors when running spotless:check.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 16s		Maven dependency ordering for patch
+1 💚	mvninstall	3m 45s		the patch passed
+1 💚	compile	1m 4s		the patch passed
+1 💚	javac	1m 4s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	xmllint	0m 0s		No new issues.
+1 💚	hadoopcheck	20m 12s		Patch does not cause any errors with Hadoop 2.10.2 or 3.3.6 3.4.0.
+1 💚	spotless	1m 2s		patch has no errors when running spotless:check.
			_ Other Tests _
+1 💚	asflicense	0m 39s		The patch does not generate ASF License warnings.
		36m 52s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6405/1/artifact/yetus-general-check/output/Dockerfile
GITHUB PR	#6405
Optional Tests	dupname asflicense javac codespell detsecrets xmllint hadoopcheck spotless compile
uname	Linux 1f319c54ba09 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	branch-2 / `704c187`
Default Java	Eclipse Adoptium-11.0.23+9
Max. process+thread count	80 (vs. ulimit of 30000)
modules	C: hbase-shaded/hbase-shaded-client-byo-hadoop hbase-shaded/hbase-shaded-mapreduce hbase-shaded/hbase-shaded-testing-util hbase-shaded/hbase-shaded-testing-util-tester U: hbase-shaded
Console output	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6405/1/console
versions	git=2.34.1 maven=3.9.8 xmllint=20913
Powered by	Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

Apache-HBase · 2024-10-28T13:26:15Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 47s		Docker mode activated.
-0 ⚠️	yetus	0m 4s		Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
			_ Prechecks _
			_ branch-2 Compile Tests _
+0 🆗	mvndep	0m 13s		Maven dependency ordering for branch
+1 💚	mvninstall	3m 37s		branch-2 passed
+1 💚	compile	0m 59s		branch-2 passed
+1 💚	javadoc	0m 43s		branch-2 passed
+1 💚	shadedjars	7m 13s		branch has no errors when building our shaded downstream artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 18s		Maven dependency ordering for patch
+1 💚	mvninstall	3m 50s		the patch passed
+1 💚	compile	1m 2s		the patch passed
+1 💚	javac	1m 2s		the patch passed
+1 💚	javadoc	0m 44s		the patch passed
+1 💚	shadedjars	6m 49s		patch has no errors when building our shaded downstream artifacts.
			_ Other Tests _
+1 💚	unit	0m 14s		hbase-shaded-client-byo-hadoop in the patch passed.
+1 💚	unit	0m 16s		hbase-shaded-mapreduce in the patch passed.
+1 💚	unit	0m 23s		hbase-shaded-testing-util in the patch passed.
+1 💚	unit	0m 57s		hbase-shaded-testing-util-tester in the patch passed.
		29m 38s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6405/1/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile
GITHUB PR	#6405
Optional Tests	javac javadoc unit shadedjars compile
uname	Linux 5fec361d37ea 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	branch-2 / `704c187`
Default Java	Eclipse Adoptium-11.0.23+9
Test Results	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6405/1/testReport/
Max. process+thread count	435 (vs. ulimit of 30000)
modules	C: hbase-shaded/hbase-shaded-client-byo-hadoop hbase-shaded/hbase-shaded-mapreduce hbase-shaded/hbase-shaded-testing-util hbase-shaded/hbase-shaded-testing-util-tester U: hbase-shaded
Console output	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6405/1/console
versions	git=2.34.1 maven=3.9.8
Powered by	Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

Apache-HBase · 2024-10-28T13:27:37Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 57s		Docker mode activated.
-0 ⚠️	yetus	0m 5s		Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
			_ Prechecks _
			_ branch-2 Compile Tests _
+0 🆗	mvndep	0m 11s		Maven dependency ordering for branch
+1 💚	mvninstall	4m 1s		branch-2 passed
+1 💚	compile	1m 0s		branch-2 passed
+1 💚	javadoc	0m 44s		branch-2 passed
+1 💚	shadedjars	7m 8s		branch has no errors when building our shaded downstream artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 17s		Maven dependency ordering for patch
+1 💚	mvninstall	3m 51s		the patch passed
+1 💚	compile	0m 59s		the patch passed
+1 💚	javac	0m 59s		the patch passed
+1 💚	javadoc	0m 42s		the patch passed
+1 💚	shadedjars	6m 59s		patch has no errors when building our shaded downstream artifacts.
			_ Other Tests _
+1 💚	unit	0m 14s		hbase-shaded-client-byo-hadoop in the patch passed.
+1 💚	unit	0m 16s		hbase-shaded-mapreduce in the patch passed.
+1 💚	unit	0m 20s		hbase-shaded-testing-util in the patch passed.
+1 💚	unit	0m 50s		hbase-shaded-testing-util-tester in the patch passed.
		30m 6s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6405/1/artifact/yetus-jdk17-hadoop3-check/output/Dockerfile
GITHUB PR	#6405
Optional Tests	javac javadoc unit shadedjars compile
uname	Linux 205a91fa1558 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	branch-2 / `704c187`
Default Java	Eclipse Adoptium-17.0.11+9
Test Results	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6405/1/testReport/
Max. process+thread count	426 (vs. ulimit of 30000)
modules	C: hbase-shaded/hbase-shaded-client-byo-hadoop hbase-shaded/hbase-shaded-mapreduce hbase-shaded/hbase-shaded-testing-util hbase-shaded/hbase-shaded-testing-util-tester U: hbase-shaded
Console output	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6405/1/console
versions	git=2.34.1 maven=3.9.8
Powered by	Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

ndimiduk · 2024-10-29T16:02:26Z

Nice one.

… since all jackson 1.x versions have vulnerabilities (apache#6405) - Building hbase with hadoop-3 profile on branch-2, still requires jackson 1.x jars, which has vulnerabilities. Ideally these should not be needed as with HADOOP-13332 hadoop has already "Remove jackson 1.9.13 and switch all jackson code to 2.x code line" for branch-3. - Also in HBASE-27148, where we worked on "Move minimum hadoop 3 support version to 3.2.3", where we had done a similar cleanup for branch-3; but somehow we missed to port the relevant changes to the branch-2 backport of same jira. This task is to take care of this so that we do not need jackson 1.x to build/run hbase with hadoop-3 profile on branch-2.x. Signed-off-by: Duo Zhang <[email protected]> Signed-off-by: Nick Dimiduk <[email protected]> (cherry picked from commit 41621f0)

… since all jackson 1.x versions have vulnerabilities (#6405) (#6413) - Building hbase with hadoop-3 profile on branch-2, still requires jackson 1.x jars, which has vulnerabilities. Ideally these should not be needed as with HADOOP-13332 hadoop has already "Remove jackson 1.9.13 and switch all jackson code to 2.x code line" for branch-3. - Also in HBASE-27148, where we worked on "Move minimum hadoop 3 support version to 3.2.3", where we had done a similar cleanup for branch-3; but somehow we missed to port the relevant changes to the branch-2 backport of same jira. This task is to take care of this so that we do not need jackson 1.x to build/run hbase with hadoop-3 profile on branch-2.x. Signed-off-by: Duo Zhang <[email protected]> Signed-off-by: Nick Dimiduk <[email protected]> (cherry picked from commit 41621f0)

… since all jackson 1.x versions have vulnerabilities (#6405) (#6414) - Building hbase with hadoop-3 profile on branch-2, still requires jackson 1.x jars, which has vulnerabilities. Ideally these should not be needed as with HADOOP-13332 hadoop has already "Remove jackson 1.9.13 and switch all jackson code to 2.x code line" for branch-3. - Also in HBASE-27148, where we worked on "Move minimum hadoop 3 support version to 3.2.3", where we had done a similar cleanup for branch-3; but somehow we missed to port the relevant changes to the branch-2 backport of same jira. This task is to take care of this so that we do not need jackson 1.x to build/run hbase with hadoop-3 profile on branch-2.x. Signed-off-by: Duo Zhang <[email protected]> Signed-off-by: Nick Dimiduk <[email protected]> (cherry picked from commit 41621f0)

NihalJain requested review from Apache9, ndimiduk and stoty October 28, 2024 11:11

ndimiduk approved these changes Oct 29, 2024

View reviewed changes

Apache9 approved these changes Oct 30, 2024

View reviewed changes

NihalJain merged commit 41621f0 into apache:branch-2 Oct 30, 2024
1 check passed

NihalJain mentioned this pull request Oct 30, 2024

HBASE-28943 Remove all jackson 1.x dependencies for hadoop-3 profile, since all jackson 1.x versions have vulnerabilities #6413

Merged

NihalJain mentioned this pull request Oct 30, 2024

HBASE-28943 Remove all jackson 1.x dependencies for hadoop-3 profile, since all jackson 1.x versions have vulnerabilities #6414

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

HBASE-28943 Remove all jackson 1.x dependencies for hadoop-3 profile,… #6405

HBASE-28943 Remove all jackson 1.x dependencies for hadoop-3 profile,… #6405

Uh oh!

NihalJain commented Oct 28, 2024

Uh oh!

NihalJain commented Oct 28, 2024 •

edited

Loading

Uh oh!

Apache-HBase commented Oct 28, 2024

Uh oh!

Apache-HBase commented Oct 28, 2024

Uh oh!

Apache-HBase commented Oct 28, 2024

Uh oh!

Apache-HBase commented Oct 28, 2024

Uh oh!

ndimiduk commented Oct 29, 2024

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

HBASE-28943 Remove all jackson 1.x dependencies for hadoop-3 profile,… #6405

HBASE-28943 Remove all jackson 1.x dependencies for hadoop-3 profile,… #6405

Uh oh!

Conversation

NihalJain commented Oct 28, 2024

Uh oh!

NihalJain commented Oct 28, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Apache-HBase commented Oct 28, 2024

Uh oh!

Apache-HBase commented Oct 28, 2024

Uh oh!

Apache-HBase commented Oct 28, 2024

Uh oh!

Apache-HBase commented Oct 28, 2024

Uh oh!

ndimiduk commented Oct 29, 2024

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

NihalJain commented Oct 28, 2024 •

edited

Loading