HIVE-27580: Backport HIVE-20071: Migrate to jackson 2.x and prevent usage #4564
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
Author
Member
|
Awesome! Thanks for your effort @wangyum |
kgyrtkirk
added
tests failed
tests pending
and removed
tests pending
tests failed
labels
Member
Author
|
Add HIVE-22059 to fix: |
kgyrtkirk
added
tests pending
tests failed
and removed
tests failed
tests pending
labels
asf-ci-hive
added
tests pending
tests failed
and removed
tests failed
tests pending
labels
asf-ci-hive
added
tests pending
tests failed
and removed
tests failed
tests pending
labels
…oltan Haindrich reviewed by Krisztian Kasa)
asf-ci-hive
added
tests pending
tests failed
and removed
tests failed
tests pending
labels
Member
|
Merged to branch-2.3, thanks @wangyum ! |
charlso96
added a commit
to charlso96/hive
that referenced
this pull request
Sep 7, 2023
…revent usage (apache#4564)" This reverts commit d9e96c9.
LuciferYang
pushed a commit
to apache/spark
that referenced
this pull request
Jun 24, 2025
### What changes were proposed in this pull request? CodeHaus Jackson dependencies were pulled from Hive, while in apache/hive#4564 (Hive 2.3.10), it migrated to Jackson 2.x, so we can remove them from Spark now. ### Why are the changes needed? Remove unused and vulnerable dependencies. ### Does this PR introduce _any_ user-facing change? No ### How was this patch tested? Pass GA. ### Was this patch authored or co-authored using generative AI tooling? No. Closes #46521 from pan3793/SPARK-48231. Authored-by: Cheng Pan <chengpan@apache.org> Signed-off-by: yangjie01 <yangjie01@baidu.com>
senthh
pushed a commit
to acceldata-io/spark3
that referenced
this pull request
Dec 26, 2025
…cies ### What changes were proposed in this pull request? CodeHaus Jackson dependencies were pulled from Hive, while in apache/hive#4564 (Hive 2.3.10), it migrated to Jackson 2.x, so we can remove them from Spark now. ### Why are the changes needed? Remove unused and vulnerable dependencies. ### Does this PR introduce _any_ user-facing change? No ### How was this patch tested? Pass GA. ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#46521 from pan3793/SPARK-48231. Authored-by: Cheng Pan <chengpan@apache.org> Signed-off-by: yangjie01 <yangjie01@baidu.com> (cherry picked from commit 7916799)
senthh
added a commit
to acceldata-io/spark3
that referenced
this pull request
Dec 26, 2025
…cies ### What changes were proposed in this pull request? CodeHaus Jackson dependencies were pulled from Hive, while in apache/hive#4564 (Hive 2.3.10), it migrated to Jackson 2.x, so we can remove them from Spark now. ### Why are the changes needed? Remove unused and vulnerable dependencies. ### Does this PR introduce _any_ user-facing change? No ### How was this patch tested? Pass GA. ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#46521 from pan3793/SPARK-48231. Authored-by: Cheng Pan <chengpan@apache.org> Signed-off-by: yangjie01 <yangjie01@baidu.com> (cherry picked from commit 7916799)
basapuram-kumar
pushed a commit
to acceldata-io/spark3
that referenced
this pull request
Jan 19, 2026
* ODP-5743|[SPARK-48231][BUILD] Remove unused CodeHaus Jackson dependencies ### What changes were proposed in this pull request? CodeHaus Jackson dependencies were pulled from Hive, while in apache/hive#4564 (Hive 2.3.10), it migrated to Jackson 2.x, so we can remove them from Spark now. ### Why are the changes needed? Remove unused and vulnerable dependencies. ### Does this PR introduce _any_ user-facing change? No ### How was this patch tested? Pass GA. ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#46521 from pan3793/SPARK-48231. Authored-by: Cheng Pan <chengpan@apache.org> Signed-off-by: yangjie01 <yangjie01@baidu.com> (cherry picked from commit 7916799) * ODP-5743|[SPARK-48231][BUILD] Remove unused CodeHaus Jackson dependencies ### What changes were proposed in this pull request? CodeHaus Jackson dependencies were pulled from Hive, while in apache/hive#4564 (Hive 2.3.10), it migrated to Jackson 2.x, so we can remove them from Spark now. ### Why are the changes needed? Remove unused and vulnerable dependencies. ### Does this PR introduce _any_ user-facing change? No ### How was this patch tested? Pass GA. ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#46521 from pan3793/SPARK-48231. Authored-by: Cheng Pan <chengpan@apache.org> Signed-off-by: yangjie01 <yangjie01@baidu.com> (cherry picked from commit 7916799) * ODP-5743|[SPARK-49969][BUILD] Simplify dependency management in YARN module ### What changes were proposed in this pull request? This PR simplifies dependency management in YARN module by pruning unnecessary test scope dependency which pulls from the vanilla Hadoop client. ### Why are the changes needed? Since 3.2 (SPARK-33212), Spark moved from the vanilla Hadoop3 client to the shaded Hadoop3 client, significantly simplifying dependency management, some hack rules of dependency to address the odd issues can be removed to simplify the Maven/SBT configuration files now. ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? - pass SBT test: `build/sbt -Pyarn yarn/test` - pass Maven test: `build/mvn -Pyarn -pl :spark-yarn_2.13 clean install -DskipTests -am && build/mvn -Pyarn -pl :spark-yarn_2.13 test` - verified no affection on runtime deps: `dev/test-dependencies.sh` ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#48468 from pan3793/SPARK-49969. Authored-by: Cheng Pan <chengpan@apache.org> Signed-off-by: Dongjoon Hyun <dongjoon@apache.org> (cherry picked from commit 856cfe7) * ODP-5743 - CVE - Fixing CVE-2024-47561 and CVE-2021-22569 --------- Co-authored-by: Cheng Pan <chengpan@apache.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
This is the third step to remove dependency on jackson-core-asl and jackson-mapper-asl.
Why are the changes needed?
To fix SPARK-44719:
NoClassDefFoundErrorwhen using Hive UDF.Does this PR introduce any user-facing change?
Is the change a dependency upgrade?
How was this patch tested?