HADOOP-18676. Fixing jettison vulnerability of hadoop-common lib (#5507)

* HADOOP-18587. Fixing jettison vulnerability of hadoop-common lib * no need for excluding, let it come Change-Id: Ia6e4ad351158dd4b0510dec34bbde531a60e7654
2023-03-24 16:31:45 +01:00 · 2023-03-24 16:31:45 +01:00 · 72b0122706
commit 72b0122706
parent 69748aae32
1 changed files with 8 additions and 0 deletions
--- a/hadoop-common-project/hadoop-common/pom.xml
+++ b/hadoop-common-project/hadoop-common/pom.xml
@ -175,6 +175,14 @@
        </exclusion>
      </exclusions>
    </dependency>
+    <dependency>
+      <!--
+      adding jettison as direct dependency (as jersey-json's jettison dependency is vulnerable with verison 1.1),
+      so those who depends on hadoop-common externally will get the non-vulnerable jettison
+      -->
+      <groupId>org.codehaus.jettison</groupId>
+      <artifactId>jettison</artifactId>
+    </dependency>
    <dependency>
      <groupId>com.sun.jersey</groupId>
      <artifactId>jersey-server</artifactId>