Gitiles
Code Review Sign In
asterix-gerrit.ics.uci.edu / asterixdb / 5725e3df96924da13da1e27fe6e901b8e346560f^! / .
commit5725e3df96924da13da1e27fe6e901b8e346560f[log] [tgz]
authorMichael Blow <mblow@apache.org>Mon Mar 07 16:34:08 2022 -0500
committerMichael Blow <mblow@apache.org>Wed Mar 09 12:32:03 2022 +0000
tree1ae04d5347ab62cf3afcc5cbe81be6a7eef81eca
parente06cf46811faec1f419e753175a9fb39ba02d0c3 [diff]
[NO ISSUE][*DB][MISC] pickup HADOOP-17225 patch to mitigate CVE-2019-10172

Change-Id: If84ef913395c75baf64e4b9c459f0d5b3303efd5
Reviewed-on: https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/15584
Integration-Tests: Jenkins <jenkins@fulliautomatix.ics.uci.edu>
Reviewed-by: Michael Blow <mblow@apache.org>
Reviewed-by: Hussain Towaileb <hussainht@gmail.com>
Tested-by: Jenkins <jenkins@fulliautomatix.ics.uci.edu>

diff --git a/asterixdb/asterix-external-data/pom.xml b/asterixdb/asterix-external-data/pom.xml
index a5ce71d..c91c9e1 100644
--- a/asterixdb/asterix-external-data/pom.xml
+++ b/asterixdb/asterix-external-data/pom.xml

@@ -506,6 +506,29 @@
     <dependency>
       <groupId>org.apache.hadoop</groupId>
       <artifactId>hadoop-azure</artifactId>
+      <exclusions>
+        <!-- apply patch for HADOOP-17225 to workaround CVE-2019-10172 -->
+        <exclusion>
+          <groupId>org.codehaus.jackson</groupId>
+          <artifactId>jackson-mapper-asl</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.codehaus.jackson</groupId>
+          <artifactId>jackson-core-asl</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <!-- apply patch for HADOOP-17225 to workaround CVE-2019-10172 -->
+    <dependency>
+      <groupId>org.codehaus.jackson</groupId>
+      <artifactId>jackson-mapper-asl</artifactId>
+      <version>1.9.13-atlassian-6</version>
+    </dependency>
+    <!-- apply patch for HADOOP-17225 to workaround CVE-2019-10172 -->
+    <dependency>
+      <groupId>org.codehaus.jackson</groupId>
+      <artifactId>jackson-core-asl</artifactId>
+      <version>1.9.13-atlassian-6</version>
     </dependency>
     <dependency>
       <groupId>io.netty</groupId>
@@ -520,4 +543,11 @@
       <artifactId>netty-transport-native-unix-common</artifactId>
     </dependency>
   </dependencies>
+  <!-- apply patch for HADOOP-17225 to workaround CVE-2019-10172 -->
+  <repositories>
+    <repository>
+      <id>atlassian-3rdparty</id>
+      <url>https://packages.atlassian.com/maven-3rdparty/</url>
+    </repository>
+  </repositories>
 </project>

diff --git a/asterixdb/asterix-server/pom.xml b/asterixdb/asterix-server/pom.xml
index d8ad238..c5ba4cc 100644
--- a/asterixdb/asterix-server/pom.xml
+++ b/asterixdb/asterix-server/pom.xml

@@ -1098,4 +1098,11 @@
       <artifactId>hyracks-api</artifactId>
     </dependency>
   </dependencies>
+  <!-- apply patch for HADOOP-17225 to workaround CVE-2019-10172 -->
+  <repositories>
+    <repository>
+      <id>atlassian-3rdparty</id>
+      <url>https://packages.atlassian.com/maven-3rdparty/</url>
+    </repository>
+  </repositories>
 </project>