This is an automated email from the ASF dual-hosted git repository. yong pushed a commit to branch branch-4.15 in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
commit 6c3586a157acd369668278b4808d701c1f73dfdb Author: ZhangJian He <[email protected]> AuthorDate: Sun Oct 9 11:47:29 2022 +0800 Bump jackson version to 2.13.4 (#3518) Bump jackson version to 2.13.4 to solve CVE-2022-42004 (cherry picked from commit 6e43c0a8c6447ada7b1cf46243396ea1abfe01b9) --- bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 6 +++--- bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt | 6 +++--- bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 6 +++--- pom.xml | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt index 8fcebb12b5..98efa359c9 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt @@ -205,9 +205,9 @@ The following bundled 3rd party jars are distributed under the Apache Software License, Version 2. -- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.2.jar [1] -- lib/com.fasterxml.jackson.core-jackson-core-2.13.2.jar [2] -- lib/com.fasterxml.jackson.core-jackson-databind-2.13.2.2.jar [3] +- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1] +- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2] +- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.jar [3] - lib/com.google.guava-guava-31.0.1-jre.jar [4] - lib/com.google.guava-failureaccess-1.0.1.jar [4] - lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4] diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt index 5b7421d020..a8122c5675 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt @@ -205,9 +205,9 @@ The following bundled 3rd party jars are distributed under the Apache Software License, Version 2. -- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.2.jar [1] -- lib/com.fasterxml.jackson.core-jackson-core-2.13.2.jar [2] -- lib/com.fasterxml.jackson.core-jackson-databind-2.13.2.2.jar [3] +- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1] +- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2] +- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.jar [3] - lib/com.google.guava-guava-31.0.1-jre.jar [4] - lib/com.google.guava-failureaccess-1.0.1.jar [4] - lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4] diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt index e3dc9c2078..8cdf679c2a 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt @@ -205,9 +205,9 @@ The following bundled 3rd party jars are distributed under the Apache Software License, Version 2. -- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.2.jar [1] -- lib/com.fasterxml.jackson.core-jackson-core-2.13.2.jar [2] -- lib/com.fasterxml.jackson.core-jackson-databind-2.13.2.2.jar [3] +- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1] +- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2] +- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.jar [3] - lib/com.google.guava-guava-31.0.1-jre.jar [4] - lib/com.google.guava-failureaccess-1.0.1.jar [4] - lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4] diff --git a/pom.xml b/pom.xml index ec72d10d40..d9b14dd3a9 100644 --- a/pom.xml +++ b/pom.xml @@ -141,7 +141,7 @@ <hadoop.version>3.2.4</hadoop.version> <hamcrest.version>1.3</hamcrest.version> <hdrhistogram.version>2.1.10</hdrhistogram.version> - <jackson.version>2.13.2.20220328</jackson.version> + <jackson.version>2.13.4</jackson.version> <jcommander.version>1.78</jcommander.version> <jetty.version>9.4.48.v20220622</jetty.version> <jmh.version>1.19</jmh.version>
