* HADOOP-18587. Fixing jettison vulnerability of hadoop-common lib * no need for excluding, let it come Change-Id: Ia6e4ad351158dd4b0510dec34bbde531a60e7654
@@ -175,6 +175,14 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <!--
+ adding jettison as direct dependency (as jersey-json's jettison dependency is vulnerable with verison 1.1),
+ so those who depends on hadoop-common externally will get the non-vulnerable jettison
+ -->
+ <groupId>org.codehaus.jettison</groupId>
+ <artifactId>jettison</artifactId>
+ </dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-server</artifactId>
Andras Katona