From a2ebe71e46d49a0bf6f7b59376cfae03d54ac399 Mon Sep 17 00:00:00 2001
From: Wei-Chiu Chuang <weichiu@cloudera.com>
Date: Wed, 4 Mar 2020 15:56:10 -0800
Subject: [PATCH 1/3] HADOOP-16905. Update jackson-databind to 2.10.3 to
 relieve us from the endless CVE patches.

Change-Id: I452a76bd9f71a0dd2ffb0f32df35c941d3b24aa3
---
 hadoop-project/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index 2f87170a669b8..b5b66723334c1 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -72,7 +72,7 @@
     <!-- jackson versions -->
     <jackson.version>1.9.13</jackson.version>
     <jackson2.version>2.9.10</jackson2.version>
-    <jackson2.databind.version>2.9.10.3</jackson2.databind.version>
+    <jackson2.databind.version>2.10.3</jackson2.databind.version>
 
     <!-- httpcomponents versions -->
     <httpclient.version>4.5.6</httpclient.version>

From ea722ad229635797d107e176ce471fe860dba162 Mon Sep 17 00:00:00 2001
From: Wei-Chiu Chuang <weichiu@cloudera.com>
Date: Thu, 5 Mar 2020 06:03:19 -0800
Subject: [PATCH 2/3] Shade javax/xml/bind

Change-Id: I2915844b8e74f7f3e4fbb62bde8f0db76bcf1166
---
 hadoop-client-modules/hadoop-client-runtime/pom.xml | 7 +++++++
 hadoop-project/pom.xml                              | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/hadoop-client-modules/hadoop-client-runtime/pom.xml b/hadoop-client-modules/hadoop-client-runtime/pom.xml
index 552cd9c1d88c7..496023521bf89 100644
--- a/hadoop-client-modules/hadoop-client-runtime/pom.xml
+++ b/hadoop-client-modules/hadoop-client-runtime/pom.xml
@@ -339,6 +339,13 @@
                         <exclude>**/pom.xml</exclude>
                       </excludes>
                     </relocation>
+                    <relocation>
+                      <pattern>javax/xml/bind/</pattern>
+                      <shadedPattern>${shaded.dependency.prefix}.javax.xml.bind.</shadedPattern>
+                      <excludes>
+                        <exclude>**/pom.xml</exclude>
+                      </excludes>
+                    </relocation>
                     <relocation>
                       <pattern>net/</pattern>
                       <shadedPattern>${shaded.dependency.prefix}.net.</shadedPattern>
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index b5b66723334c1..2f87170a669b8 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -72,7 +72,7 @@
     <!-- jackson versions -->
     <jackson.version>1.9.13</jackson.version>
     <jackson2.version>2.9.10</jackson2.version>
-    <jackson2.databind.version>2.10.3</jackson2.databind.version>
+    <jackson2.databind.version>2.9.10.3</jackson2.databind.version>
 
     <!-- httpcomponents versions -->
     <httpclient.version>4.5.6</httpclient.version>

From a1f9995cb510e8d7b4d49b9042bd17ec7186c317 Mon Sep 17 00:00:00 2001
From: Wei-Chiu Chuang <weichiu@cloudera.com>
Date: Thu, 5 Mar 2020 18:35:39 -0800
Subject: [PATCH 3/3] Update jackson to the correct version.

Change-Id: Ib375852c3372d61e9122db3ed48b40b73cd2ff15
---
 hadoop-project/pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index 2f87170a669b8..a390e71030cf9 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -71,8 +71,8 @@
 
     <!-- jackson versions -->
     <jackson.version>1.9.13</jackson.version>
-    <jackson2.version>2.9.10</jackson2.version>
-    <jackson2.databind.version>2.9.10.3</jackson2.databind.version>
+    <jackson2.version>2.10.3</jackson2.version>
+    <jackson2.databind.version>2.10.3</jackson2.databind.version>
 
     <!-- httpcomponents versions -->
     <httpclient.version>4.5.6</httpclient.version>