This is an automated email from the ASF dual-hosted git repository.
eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/master by this push:
new c2df54d099 Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE
list (#4345)
c2df54d099 is described below
commit c2df54d0992c577d02cc8772e2b2f1e735cb9b2f
Author: ZhangJian He <shoot...@gmail.com>
AuthorDate: Thu May 9 17:58:02 2024 +0800
Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list (#4345)
---
bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 12 ++++++------
bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt | 12 ++++++------
bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 12 ++++++------
pom.xml | 8 ++++----
4 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
index e965681e35..053ab146d0 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
@@ -205,9 +205,9 @@
The following bundled 3rd party jars are distributed under the
Apache Software License, Version 2.
-- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1]
-- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2]
-- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3]
+- lib/com.fasterxml.jackson.core-jackson-annotations-2.17.1.jar [1]
+- lib/com.fasterxml.jackson.core-jackson-core-2.17.1.jar [2]
+- lib/com.fasterxml.jackson.core-jackson-databind-2.17.1.jar [3]
- lib/com.google.guava-guava-32.0.1-jre.jar [4]
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
-
lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
[4]
@@ -351,9 +351,9 @@ Apache Software License, Version 2.
- lib/org.jetbrains.kotlin-kotlin-stdlib-jdk8-1.6.20.jar [56]
- lib/com.lmax-disruptor-4.0.0.jar [57]
-[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
-[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4
-[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2
+[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.17.1
+[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.17.1
+[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.17.1
[4] Source available at https://github.com/google/guava/tree/v32.0.1
[5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2
[6] Source available at
https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
index 9543b43bec..9c9769f514 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
@@ -205,9 +205,9 @@
The following bundled 3rd party jars are distributed under the
Apache Software License, Version 2.
-- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1]
-- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2]
-- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3]
+- lib/com.fasterxml.jackson.core-jackson-annotations-2.17.1.jar [1]
+- lib/com.fasterxml.jackson.core-jackson-core-2.17.1.jar [2]
+- lib/com.fasterxml.jackson.core-jackson-databind-2.17.1.jar [3]
- lib/com.google.guava-guava-32.0.1-jre.jar [4]
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
-
lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
[4]
@@ -294,9 +294,9 @@ Apache Software License, Version 2.
- lib/com.carrotsearch-hppc-0.9.1.jar [52]
- lib/com.lmax-disruptor-4.0.0.jar [53]
-[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
-[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4
-[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2
+[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.17.1
+[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.17.1
+[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.17.1
[4] Source available at https://github.com/google/guava/tree/v32.0.1
[5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2
[6] Source available at
https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
index 939e07fdf4..dc1922b329 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
@@ -205,9 +205,9 @@
The following bundled 3rd party jars are distributed under the
Apache Software License, Version 2.
-- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1]
-- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2]
-- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3]
+- lib/com.fasterxml.jackson.core-jackson-annotations-2.17.1.jar [1]
+- lib/com.fasterxml.jackson.core-jackson-core-2.17.1.jar [2]
+- lib/com.fasterxml.jackson.core-jackson-databind-2.17.1.jar [3]
- lib/com.google.guava-guava-32.0.1-jre.jar [4]
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
-
lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
[4]
@@ -347,9 +347,9 @@ Apache Software License, Version 2.
- lib/org.jetbrains.kotlin-kotlin-stdlib-jdk8-1.6.20.jar [55]
- lib/com.lmax-disruptor-4.0.0.jar [56]
-[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
-[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4
-[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2
+[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.17.1
+[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.17.1
+[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.17.1
[4] Source available at https://github.com/google/guava/tree/v32.0.1
[5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2
[6] Source available at
https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2
diff --git a/pom.xml b/pom.xml
index bd6db15166..c8eb15dab7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
<parent>
<groupId>org.apache</groupId>
<artifactId>apache</artifactId>
- <version>29</version>
+ <version>31</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.apache.bookkeeper</groupId>
@@ -78,14 +78,14 @@
<subscribe>user-subscr...@bookkeeper.apache.org</subscribe>
<unsubscribe>user-unsubscr...@bookkeeper.apache.org</unsubscribe>
<post>u...@bookkeeper.apache.org</post>
- <archive>http://www.mail-archive.com/user@bookkeeper.apache.org</archive>
+
<archive>https://www.mail-archive.com/user@bookkeeper.apache.org</archive>
</mailingList>
<mailingList>
<name>BookKeeper Dev</name>
<subscribe>dev-subscr...@bookkeeper.apache.org</subscribe>
<unsubscribe>dev-unsubscr...@bookkeeper.apache.org</unsubscribe>
<post>d...@bookkeeper.apache.org</post>
- <archive>http://www.mail-archive.com/dev@bookkeeper.apache.org</archive>
+ <archive>https://www.mail-archive.com/dev@bookkeeper.apache.org</archive>
</mailingList>
<mailingList>
<name>BookKeeper Commits</name>
@@ -140,7 +140,7 @@
<kerby.version>1.1.1</kerby.version>
<hadoop.version>3.3.5</hadoop.version>
<hdrhistogram.version>2.1.10</hdrhistogram.version>
- <jackson.version>2.13.4.20221013</jackson.version>
+ <jackson.version>2.17.1</jackson.version>
<jcommander.version>1.82</jcommander.version>
<jetty.version>9.4.53.v20231009</jetty.version>
<jmh.version>1.37</jmh.version>
