
DAOS-18637 cq: ignore GHSA-72hv-8253-57qq (#17642) #17641

Open
grom72 wants to merge 1 commit into release/2.6 from grom72/DAOS-18637-trivy-jackson-core-2.14.3-2.6

@grom72 grom72 commented Mar 4, 2026

Ignore the GHSA-72hv-8253-57qq vulnerability reported in com.fasterxml.jackson.core:jackson-core 2.14.3.
The com.fasterxml.jackson.core:jackson-core cannot be upgraded as it is a part of org.apache.hadoop:hadoop-common:3.4.2::2d40acbf and there is no new version of hadoop.

Backport of: #17642

Steps for the author:

  • Commit message follows the guidelines.
  • Appropriate Features or Test-tag pragmas were used.
  • Appropriate Functional Test Stages were run.
  • At least two positive code reviews including at least one code owner from each category referenced in the PR.
  • Testing is complete. If necessary, forced-landing label added and a reason added in a comment.

After all prior steps are complete:

  • Gatekeeper requested (daos-gatekeeper added as a reviewer).

Ignore the GHSA-72hv-8253-57qq vulnerability reported in
com.fasterxml.jackson.core:jackson-core 2.14.3
The com.fasterxml.jackson.core:jackson-core can not be upgraded as it is
a part of org.apache.hadoop:hadoop-common:3.4.2::2d40acbf and there is
no new version of hadoop.

Signed-off-by: Tomasz Gromadzki <tomasz.gromadzki@hpe.com>

Doc-only: true

github-actions bot commented Mar 4, 2026

Ticket title is 'java: trivy vulnerability in jackson-core 2.14.3'
Status is 'In Review'
Labels: 'request_for_2.6.5,request_for_2.8'
https://daosio.atlassian.net/browse/DAOS-18637

@grom72 grom72 changed the title from "DAOS-18637 cq: ignore GHSA-72hv-8253-57qq" to "DAOS-18637 cq: ignore GHSA-72hv-8253-57qq (#17642)" Mar 4, 2026
@grom72 grom72 added the clean-cherry-pick label (Cherry-pick from another branch that did not require additional edits) Mar 4, 2026
@grom72 grom72 requested a review from a team March 4, 2026 23:38