YARN-11498. Exclude jettison from jersey-json artifact as on older version is being pulled #5623

devaspatikrishnatri · 2023-05-05T04:49:26Z

…version is being pulled

Description of PR

How was this patch tested?

For code changes:

Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

…version is being pulled

devaspatikrishnatri · 2023-05-05T04:49:51Z

@szilard-nemeth Could you please see this is it is okay?

hadoop-yetus · 2023-05-05T08:57:53Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 35s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+0 🆗	xmllint	0m 0s		xmllint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s		The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
			_ trunk Compile Tests _
-1 ❌	mvninstall	181m 48s	/branch-mvninstall-root.txt	root in trunk failed.
+1 💚	compile	0m 42s		trunk passed with JDK Ubuntu-11.0.18+10-post-Ubuntu-0ubuntu120.04.1
+1 💚	compile	0m 36s		trunk passed with JDK Private Build-1.8.0_362-8u362-ga-0ubuntu1~20.04.1-b09
+1 💚	mvnsite	1m 5s		trunk passed
+1 💚	javadoc	1m 27s		trunk passed with JDK Ubuntu-11.0.18+10-post-Ubuntu-0ubuntu120.04.1
+1 💚	javadoc	0m 43s		trunk passed with JDK Private Build-1.8.0_362-8u362-ga-0ubuntu1~20.04.1-b09
+1 💚	shadedclient	210m 13s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	0m 32s		the patch passed
+1 💚	compile	0m 36s		the patch passed with JDK Ubuntu-11.0.18+10-post-Ubuntu-0ubuntu120.04.1
+1 💚	javac	0m 36s		the patch passed
+1 💚	compile	0m 32s		the patch passed with JDK Private Build-1.8.0_362-8u362-ga-0ubuntu1~20.04.1-b09
+1 💚	javac	0m 32s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	mvnsite	0m 35s		the patch passed
+1 💚	javadoc	0m 37s		the patch passed with JDK Ubuntu-11.0.18+10-post-Ubuntu-0ubuntu120.04.1
+1 💚	javadoc	0m 37s		the patch passed with JDK Private Build-1.8.0_362-8u362-ga-0ubuntu1~20.04.1-b09
+1 💚	shadedclient	22m 8s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	5m 24s		hadoop-yarn-common in the patch passed.
+1 💚	asflicense	0m 38s		The patch does not generate ASF License warnings.
		243m 29s

Subsystem	Report/Notes
Docker	ClientAPI=1.42 ServerAPI=1.42 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5623/2/artifact/out/Dockerfile
GITHUB PR	#5623
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint
uname	Linux 66c2a1bab828 4.15.0-206-generic #217-Ubuntu SMP Fri Feb 3 19:10:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `27bcde8`
Default Java	Private Build-1.8.0_362-8u362-ga-0ubuntu1~20.04.1-b09
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.18+10-post-Ubuntu-0ubuntu120.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_362-8u362-ga-0ubuntu1~20.04.1-b09
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5623/2/testReport/
Max. process+thread count	752 (vs. ulimit of 5500)
modules	C: hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common U: hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5623/2/console
versions	git=2.25.1 maven=3.6.3
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

hadoop-yetus · 2023-05-05T09:51:03Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	1m 0s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 1s		codespell was not available.
+0 🆗	detsecrets	0m 1s		detect-secrets was not available.
+0 🆗	xmllint	0m 1s		xmllint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s		The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
			_ trunk Compile Tests _
-1 ❌	mvninstall	234m 2s	/branch-mvninstall-root.txt	root in trunk failed.
+1 💚	compile	0m 51s		trunk passed with JDK Ubuntu-11.0.18+10-post-Ubuntu-0ubuntu120.04.1
+1 💚	compile	0m 43s		trunk passed with JDK Private Build-1.8.0_362-8u362-ga-0ubuntu1~20.04.1-b09
+1 💚	mvnsite	1m 15s		trunk passed
+1 💚	javadoc	2m 19s		trunk passed with JDK Ubuntu-11.0.18+10-post-Ubuntu-0ubuntu120.04.1
+1 💚	javadoc	0m 55s		trunk passed with JDK Private Build-1.8.0_362-8u362-ga-0ubuntu1~20.04.1-b09
+1 💚	shadedclient	263m 42s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	0m 32s		the patch passed
+1 💚	compile	0m 37s		the patch passed with JDK Ubuntu-11.0.18+10-post-Ubuntu-0ubuntu120.04.1
+1 💚	javac	0m 37s		the patch passed
+1 💚	compile	0m 30s		the patch passed with JDK Private Build-1.8.0_362-8u362-ga-0ubuntu1~20.04.1-b09
+1 💚	javac	0m 30s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	mvnsite	0m 34s		the patch passed
+1 💚	javadoc	0m 38s		the patch passed with JDK Ubuntu-11.0.18+10-post-Ubuntu-0ubuntu120.04.1
+1 💚	javadoc	0m 36s		the patch passed with JDK Private Build-1.8.0_362-8u362-ga-0ubuntu1~20.04.1-b09
+1 💚	shadedclient	25m 24s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	5m 9s		hadoop-yarn-common in the patch passed.
+1 💚	asflicense	0m 34s		The patch does not generate ASF License warnings.
		300m 15s

Subsystem	Report/Notes
Docker	ClientAPI=1.42 ServerAPI=1.42 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5623/1/artifact/out/Dockerfile
GITHUB PR	#5623
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint
uname	Linux 1164a7de2e80 4.15.0-206-generic #217-Ubuntu SMP Fri Feb 3 19:10:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `27bcde8`
Default Java	Private Build-1.8.0_362-8u362-ga-0ubuntu1~20.04.1-b09
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.18+10-post-Ubuntu-0ubuntu120.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_362-8u362-ga-0ubuntu1~20.04.1-b09
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5623/1/testReport/
Max. process+thread count	529 (vs. ulimit of 5500)
modules	C: hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common U: hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5623/1/console
versions	git=2.25.1 maven=3.6.3
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

tomicooler · 2023-05-31T14:08:10Z

Hi @devaspatikrishnatri ,

you can re-trigger the build by creating an empty commit git commit --allow-empty -m "Trigger the jenkins job" then pushing it to your fork's branch git push origin HADOOP-18732.

I think the reason for this exclusion should be documented in the Jira, as far as I know the reason being:

An older version of Jetty is being pulled in by jersey-json artifact in hadoop-yarn-common, which contains CVEs.

https://mvnrepository.com/artifact/com.sun.jersey/jersey-json/1.19.4

BTW jackson-mapper-asl 1.9.2 has also 2 CVEs (https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-mapper-asl/1.9.2).

hadoop-yetus · 2023-06-01T12:39:04Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	1m 2s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 8000 🆗	codespell	0m 1s		codespell was not available.
+0 🆗	detsecrets	0m 1s		detect-secrets was not available.
+0 🆗	xmllint	0m 1s		xmllint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s		The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
			_ trunk Compile Tests _
+1 💚	mvninstall	38m 4s		trunk passed
+1 💚	compile	0m 46s		trunk passed with JDK Ubuntu-11.0.19+7-post-Ubuntu-0ubuntu120.04.1
+1 💚	compile	0m 37s		trunk passed with JDK Private Build-1.8.0_362-8u372-ga~~us1-0ubuntu1~~20.04-b09
+1 💚	mvnsite	0m 42s		trunk passed
+1 💚	javadoc	0m 54s		trunk passed with JDK Ubuntu-11.0.19+7-post-Ubuntu-0ubuntu120.04.1
+1 💚	javadoc	0m 43s		trunk passed with JDK Private Build-1.8.0_362-8u372-ga~~us1-0ubuntu1~~20.04-b09
+1 💚	shadedclient	64m 50s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	0m 33s		the patch passed
+1 💚	compile	0m 38s		the patch passed with JDK Ubuntu-11.0.19+7-post-Ubuntu-0ubuntu120.04.1
+1 💚	javac	0m 38s		the patch passed
+1 💚	compile	0m 31s		the patch passed with JDK Private Build-1.8.0_362-8u372-ga~~us1-0ubuntu1~~20.04-b09
+1 💚	javac	0m 31s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	mvnsite	0m 33s		the patch passed
+1 💚	javadoc	0m 38s		the patch passed with JDK Ubuntu-11.0.19+7-post-Ubuntu-0ubuntu120.04.1
+1 💚	javadoc	0m 36s		the patch passed with JDK Private Build-1.8.0_362-8u372-ga~~us1-0ubuntu1~~20.04-b09
+1 💚	shadedclient	25m 13s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	5m 13s		hadoop-yarn-common in the patch passed.
+1 💚	asflicense	0m 35s		The patch does not generate ASF License warnings.
		101m 46s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5623/3/artifact/out/Dockerfile
GITHUB PR	#5623
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint
uname	Linux 31d4e1995729 4.15.0-206-generic #217-Ubuntu SMP Fri Feb 3 19:10:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `ed1088d`
Default Java	Private Build-1.8.0_362-8u372-ga~~us1-0ubuntu1~~20.04-b09
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.19+7-post-Ubuntu-0ubuntu120.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_362-8u372-ga~~us1-0ubuntu1~~20.04-b09
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5623/3/testReport/
Max. process+thread count	530 (vs. ulimit of 5500)
modules	C: hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common U: hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5623/3/console
versions	git=2.25.1 maven=3.6.3
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

tomicooler

@devaspatikrishnatri thanks, LGTM.

The other exclude can be done in a separate ticket and pull request.

The latest yetus run was OK, the test4tests is not relevant here.

brumi1024 · 2023-06-23T14:45:40Z

Thanks @devaspatikrishnatri for the patch, @tomicooler for the review. Merging to trunk.

pjfanning · 2023-06-24T09:20:17Z

@ayushtkn @steveloughran it would probably make sense to backport this to the v3.3 branch

steveloughran · 2023-06-26T13:10:26Z

ok: can someone do a backport PR for a test run?

pjfanning · 2023-06-26T13:27:42Z

I ran mvn dependencyTree in the branch-3.3 and the new version of jettison is what appears in the tree even without this change. So I don't think a backport is needed.

https://issues.apache.org/jira/browse/YARN-11498 provides no evidence of the problem it is trying to fix. Is this PR even needed?

steveloughran · 2023-06-26T14:46:07Z

maven picks up closest version to the root; ivy (hence gradle and SBT) does it differently. Sometimes downstream projects break even though hadoop is happy. this makes it worthwhile

pjfanning · 2023-06-26T14:51:34Z

Thanks for the feedback Steve.

This PR adds the exclusion to just one place where jersey-json is imported. Should it not add the exclusion in all places where jersey-json is imported? I can create a follow to this PR for trunk that does that. And then create a backport PR that includes this PR and my new PR.

steveloughran · 2023-06-27T12:37:14Z

I tried a cherrypick to branch-3.3 and the build failed as there's no explicit jettison import in that branch

[WARNING]
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.1:compile (default-compile) on project hadoop-yarn-common: Compilation failure: Compilation failure:
[ERROR] /Users/stevel/hadoop/commit/apache-hadoop/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/util/YarnWebServiceUtils.java:[30,34] package org.codehaus.jettison.json does not exist
[ERROR] /Users/stevel/hadoop/commit/apache-hadoop/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/util/YarnWebServiceUtils.java:[53,17] cannot find symbol
[ERROR]   symbol:   class JSONObject
[ERROR]   location: class org.apache.hadoop.yarn.webapp.util.YarnWebServiceUtils
[ERROR] /Users/stevel/hadoop/commit/apache-hadoop/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/util/YarnWebServiceUtils.java:[70,18] cannot find symbol
[ERROR]   symbol:   class JSONObject
[ERROR]   location: class org.apache.hadoop.yarn.webapp.util.YarnWebServiceUtils
[ERROR] /Users/stevel/hadoop/commit/apache-hadoop/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/util/YarnWebServiceUtils.java:[79,33] cannot find symbol
[ERROR]   symbol:   class JSONObject
[ERROR]   location: class org.apache.hadoop.yarn.webapp.util.YarnWebServiceUtils
[ERROR] -> [Help 1]
[ERROR]

HADOOP-18732:Exclude jettison from jersery-json artifact as on older …

369a142

…version is being pulled

Update pom.xml

27bcde8

szilard-nemeth changed the title ~~HADOOP-18732:Exclude jettison from jersery-json artifact as on older …~~ HADOOP-18732:Exclude jettison from jersey-json artifact as on older … May 22, 2023

ayushtkn changed the title ~~HADOOP-18732:Exclude jettison from jersey-json artifact as on older …~~ YARN-11498. Exclude jettison from jersey-json artifact as on older version is being pulled May 23, 2023

Merge branch 'apache:trunk' into HADOOP-18732

ed1088d

tomicooler approved these changes Jun 1, 2023

View reviewed changes

brumi1024 merged commit eb88b9f into apache:trunk Jun 23, 2023

pjfanning mentioned this pull request Jun 27, 2023

YARN-11498 add exclusion for jettison everywhere jersey-json is loaded #5786

Merged

4 tasks

pjfanning mentioned this pull request Sep 13, 2023

YARN-11498 backport jettison exclusions #6063

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

YARN-11498. Exclude jettison from jersey-json artifact as on older version is being pulled #5623

YARN-11498. Exclude jettison from jersey-json artifact as on older version is being pulled #5623

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

YARN-11498. Exclude jettison from jersey-json artifact as on older version is being pulled #5623

YARN-11498. Exclude jettison from jersey-json artifact as on older version is being pulled #5623

Uh oh!

Conversation

Description of PR

How was this patch tested?

For code changes:

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!