This is an automated email from the ASF dual-hosted git repository. eolivelli pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/master by this push: new c2df54d099 Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list (#4345) c2df54d099 is described below commit c2df54d0992c577d02cc8772e2b2f1e735cb9b2f Author: ZhangJian He <shoot...@gmail.com> AuthorDate: Thu May 9 17:58:02 2024 +0800 Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list (#4345) --- bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 12 ++++++------ bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt | 12 ++++++------ bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 12 ++++++------ pom.xml | 8 ++++---- 4 files changed, 22 insertions(+), 22 deletions(-) diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt index e965681e35..053ab146d0 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt @@ -205,9 +205,9 @@ The following bundled 3rd party jars are distributed under the Apache Software License, Version 2. -- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1] -- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2] -- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3] +- lib/com.fasterxml.jackson.core-jackson-annotations-2.17.1.jar [1] +- lib/com.fasterxml.jackson.core-jackson-core-2.17.1.jar [2] +- lib/com.fasterxml.jackson.core-jackson-databind-2.17.1.jar [3] - lib/com.google.guava-guava-32.0.1-jre.jar [4] - lib/com.google.guava-failureaccess-1.0.1.jar [4] - lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4] @@ -351,9 +351,9 @@ Apache Software License, Version 2. - lib/org.jetbrains.kotlin-kotlin-stdlib-jdk8-1.6.20.jar [56] - lib/com.lmax-disruptor-4.0.0.jar [57] -[1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4 -[2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4 -[3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2 +[1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.17.1 +[2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.17.1 +[3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.17.1 [4] Source available at https://github.com/google/guava/tree/v32.0.1 [5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2 [6] Source available at https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2 diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt index 9543b43bec..9c9769f514 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt @@ -205,9 +205,9 @@ The following bundled 3rd party jars are distributed under the Apache Software License, Version 2. -- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1] -- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2] -- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3] +- lib/com.fasterxml.jackson.core-jackson-annotations-2.17.1.jar [1] +- lib/com.fasterxml.jackson.core-jackson-core-2.17.1.jar [2] +- lib/com.fasterxml.jackson.core-jackson-databind-2.17.1.jar [3] - lib/com.google.guava-guava-32.0.1-jre.jar [4] - lib/com.google.guava-failureaccess-1.0.1.jar [4] - lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4] @@ -294,9 +294,9 @@ Apache Software License, Version 2. - lib/com.carrotsearch-hppc-0.9.1.jar [52] - lib/com.lmax-disruptor-4.0.0.jar [53] -[1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4 -[2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4 -[3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2 +[1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.17.1 +[2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.17.1 +[3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.17.1 [4] Source available at https://github.com/google/guava/tree/v32.0.1 [5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2 [6] Source available at https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2 diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt index 939e07fdf4..dc1922b329 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt @@ -205,9 +205,9 @@ The following bundled 3rd party jars are distributed under the Apache Software License, Version 2. -- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1] -- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2] -- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3] +- lib/com.fasterxml.jackson.core-jackson-annotations-2.17.1.jar [1] +- lib/com.fasterxml.jackson.core-jackson-core-2.17.1.jar [2] +- lib/com.fasterxml.jackson.core-jackson-databind-2.17.1.jar [3] - lib/com.google.guava-guava-32.0.1-jre.jar [4] - lib/com.google.guava-failureaccess-1.0.1.jar [4] - lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4] @@ -347,9 +347,9 @@ Apache Software License, Version 2. - lib/org.jetbrains.kotlin-kotlin-stdlib-jdk8-1.6.20.jar [55] - lib/com.lmax-disruptor-4.0.0.jar [56] -[1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4 -[2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4 -[3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2 +[1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.17.1 +[2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.17.1 +[3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.17.1 [4] Source available at https://github.com/google/guava/tree/v32.0.1 [5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2 [6] Source available at https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2 diff --git a/pom.xml b/pom.xml index bd6db15166..c8eb15dab7 100644 --- a/pom.xml +++ b/pom.xml @@ -19,7 +19,7 @@ <parent> <groupId>org.apache</groupId> <artifactId>apache</artifactId> - <version>29</version> + <version>31</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>org.apache.bookkeeper</groupId> @@ -78,14 +78,14 @@ <subscribe>user-subscr...@bookkeeper.apache.org</subscribe> <unsubscribe>user-unsubscr...@bookkeeper.apache.org</unsubscribe> <post>u...@bookkeeper.apache.org</post> - <archive>http://www.mail-archive.com/user@bookkeeper.apache.org</archive> + <archive>https://www.mail-archive.com/user@bookkeeper.apache.org</archive> </mailingList> <mailingList> <name>BookKeeper Dev</name> <subscribe>dev-subscr...@bookkeeper.apache.org</subscribe> <unsubscribe>dev-unsubscr...@bookkeeper.apache.org</unsubscribe> <post>d...@bookkeeper.apache.org</post> - <archive>http://www.mail-archive.com/dev@bookkeeper.apache.org</archive> + <archive>https://www.mail-archive.com/dev@bookkeeper.apache.org</archive> </mailingList> <mailingList> <name>BookKeeper Commits</name> @@ -140,7 +140,7 @@ <kerby.version>1.1.1</kerby.version> <hadoop.version>3.3.5</hadoop.version> <hdrhistogram.version>2.1.10</hdrhistogram.version> - <jackson.version>2.13.4.20221013</jackson.version> + <jackson.version>2.17.1</jackson.version> <jcommander.version>1.82</jcommander.version> <jetty.version>9.4.53.v20231009</jetty.version> <jmh.version>1.37</jmh.version>