HADOOP-18468: Upgrade jettison to 1.5.1 to fix CVE-2022-40149 (#4937)

Contributed by PJ Fanning
This commit is contained in:
PJ Fanning 2022-10-07 15:44:01 +01:00 committed by GitHub
parent 062c50db6b
commit 5eddec8c46
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 3 deletions

View File

@ -343,7 +343,7 @@ org.apache.kerby:token-provider:2.0.2
org.apache.solr:solr-solrj:8.8.2 org.apache.solr:solr-solrj:8.8.2
org.apache.yetus:audience-annotations:0.5.0 org.apache.yetus:audience-annotations:0.5.0
org.apache.zookeeper:zookeeper:3.6.3 org.apache.zookeeper:zookeeper:3.6.3
org.codehaus.jettison:jettison:1.1 org.codehaus.jettison:jettison:1.5.1
org.eclipse.jetty:jetty-annotations:9.4.48.v20220622 org.eclipse.jetty:jetty-annotations:9.4.48.v20220622
org.eclipse.jetty:jetty-http:9.4.48.v20220622 org.eclipse.jetty:jetty-http:9.4.48.v20220622
org.eclipse.jetty:jetty-io:9.4.48.v20220622 org.eclipse.jetty:jetty-io:9.4.48.v20220622

View File

@ -1499,7 +1499,7 @@
<dependency> <dependency>
<groupId>org.codehaus.jettison</groupId> <groupId>org.codehaus.jettison</groupId>
<artifactId>jettison</artifactId> <artifactId>jettison</artifactId>
<version>1.1</version> <version>1.5.1</version>
<exclusions> <exclusions>
<exclusion> <exclusion>
<groupId>stax</groupId> <groupId>stax</groupId>

View File

@ -18,6 +18,8 @@
package org.apache.hadoop.yarn.server.resourcemanager.webapp; package org.apache.hadoop.yarn.server.resourcemanager.webapp;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Guice; import com.google.inject.Guice;
import com.google.inject.servlet.ServletModule; import com.google.inject.servlet.ServletModule;
import com.sun.jersey.api.client.ClientResponse; import com.sun.jersey.api.client.ClientResponse;
@ -334,7 +336,16 @@ public static void assertJsonResponse(ClientResponse response,
JSONObject json = response.getEntity(JSONObject.class); JSONObject json = response.getEntity(JSONObject.class);
String actual = json.toString(2); String actual = json.toString(2);
updateTestDataAutomatically(expectedResourceFilename, actual); updateTestDataAutomatically(expectedResourceFilename, actual);
assertEquals(getResourceAsString(expectedResourceFilename), actual); assertEquals(
prettyPrintJson(getResourceAsString(expectedResourceFilename)),
prettyPrintJson(actual));
}
private static String prettyPrintJson(String in) throws JsonProcessingException {
ObjectMapper objectMapper = new ObjectMapper();
return objectMapper
.writerWithDefaultPrettyPrinter()
.writeValueAsString(objectMapper.readTree(in));
} }
public static void assertJsonType(ClientResponse response) { public static void assertJsonType(ClientResponse response) {