This is an automated email from the ASF dual-hosted git repository.
shoothzj pushed a commit to branch branch-4.17
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/branch-4.17 by this push:
new 6c042fb036 Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE
list (#4345)
6c042fb036 is described below
commit 6c042fb036e80eaf10d3ba895df371aa2f5108f6
Author: ZhangJian He <[email protected]>
AuthorDate: Thu May 9 17:58:02 2024 +0800
Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list (#4345)
---
bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 12 ++++++------
bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt | 12 ++++++------
bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 12 ++++++------
pom.xml | 8 ++++----
4 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
index da1adf2656..75f89d11f7 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
@@ -205,9 +205,9 @@
The following bundled 3rd party jars are distributed under the
Apache Software License, Version 2.
-- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1]
-- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2]
-- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3]
+- lib/com.fasterxml.jackson.core-jackson-annotations-2.17.1.jar [1]
+- lib/com.fasterxml.jackson.core-jackson-core-2.17.1.jar [2]
+- lib/com.fasterxml.jackson.core-jackson-databind-2.17.1.jar [3]
- lib/com.google.guava-guava-32.0.1-jre.jar [4]
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
-
lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
[4]
@@ -350,9 +350,9 @@ Apache Software License, Version 2.
- lib/org.jetbrains.kotlin-kotlin-stdlib-jdk7-1.6.20.jar [56]
- lib/org.jetbrains.kotlin-kotlin-stdlib-jdk8-1.6.20.jar [56]
-[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
-[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4
-[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2
+[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.17.1
+[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.17.1
+[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.17.1
[4] Source available at https://github.com/google/guava/tree/v32.0.1
[5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2
[6] Source available at
https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
index 646b19b208..887646ba6e 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
@@ -205,9 +205,9 @@
The following bundled 3rd party jars are distributed under the
Apache Software License, Version 2.
-- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1]
-- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2]
-- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3]
+- lib/com.fasterxml.jackson.core-jackson-annotations-2.17.1.jar [1]
+- lib/com.fasterxml.jackson.core-jackson-core-2.17.1.jar [2]
+- lib/com.fasterxml.jackson.core-jackson-databind-2.17.1.jar [3]
- lib/com.google.guava-guava-32.0.1-jre.jar [4]
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
-
lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
[4]
@@ -293,9 +293,9 @@ Apache Software License, Version 2.
- lib/io.reactivex.rxjava3-rxjava-3.0.1.jar [51]
- lib/com.carrotsearch-hppc-0.9.1.jar [52]
-[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
-[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4
-[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2
+[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.17.1
+[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.17.1
+[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.17.1
[4] Source available at https://github.com/google/guava/tree/v32.0.1
[5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2
[6] Source available at
https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
index 93e8a827ce..5ef75c9923 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
@@ -205,9 +205,9 @@
The following bundled 3rd party jars are distributed under the
Apache Software License, Version 2.
-- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1]
-- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2]
-- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3]
+- lib/com.fasterxml.jackson.core-jackson-annotations-2.17.1.jar [1]
+- lib/com.fasterxml.jackson.core-jackson-core-2.17.1.jar [2]
+- lib/com.fasterxml.jackson.core-jackson-databind-2.17.1.jar [3]
- lib/com.google.guava-guava-32.0.1-jre.jar [4]
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
-
lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
[4]
@@ -346,9 +346,9 @@ Apache Software License, Version 2.
- lib/org.jetbrains.kotlin-kotlin-stdlib-jdk7-1.6.20.jar [55]
- lib/org.jetbrains.kotlin-kotlin-stdlib-jdk8-1.6.20.jar [55]
-[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
-[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4
-[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2
+[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.17.1
+[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.17.1
+[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.17.1
[4] Source available at https://github.com/google/guava/tree/v32.0.1
[5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2
[6] Source available at
https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2
diff --git a/pom.xml b/pom.xml
index 447be7cfdc..93ee2a8c62 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
<parent>
<groupId>org.apache</groupId>
<artifactId>apache</artifactId>
- <version>29</version>
+ <version>31</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.apache.bookkeeper</groupId>
@@ -78,14 +78,14 @@
<subscribe>[email protected]</subscribe>
<unsubscribe>[email protected]</unsubscribe>
<post>[email protected]</post>
- <archive>http://www.mail-archive.com/[email protected]</archive>
+
<archive>https://www.mail-archive.com/[email protected]</archive>
</mailingList>
<mailingList>
<name>BookKeeper Dev</name>
<subscribe>[email protected]</subscribe>
<unsubscribe>[email protected]</unsubscribe>
<post>[email protected]</post>
- <archive>http://www.mail-archive.com/[email protected]</archive>
+ <archive>https://www.mail-archive.com/[email protected]</archive>
</mailingList>
<mailingList>
<name>BookKeeper Commits</name>
@@ -138,7 +138,7 @@
<kerby.version>1.1.1</kerby.version>
<hadoop.version>3.3.5</hadoop.version>
<hdrhistogram.version>2.1.10</hdrhistogram.version>
- <jackson.version>2.13.4.20221013</jackson.version>
+ <jackson.version>2.17.1</jackson.version>
<jcommander.version>1.82</jcommander.version>
<jetty.version>9.4.53.v20231009</jetty.version>
<jmh.version>1.37</jmh.version>
