This is an automated email from the ASF dual-hosted git repository. shoothzj pushed a commit to branch branch-4.17 in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/branch-4.17 by this push: new 6c042fb036 Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list (#4345) 6c042fb036 is described below commit 6c042fb036e80eaf10d3ba895df371aa2f5108f6 Author: ZhangJian He <shoot...@gmail.com> AuthorDate: Thu May 9 17:58:02 2024 +0800 Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list (#4345) --- bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 12 ++++++------ bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt | 12 ++++++------ bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 12 ++++++------ pom.xml | 8 ++++---- 4 files changed, 22 insertions(+), 22 deletions(-) diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt index da1adf2656..75f89d11f7 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt @@ -205,9 +205,9 @@ The following bundled 3rd party jars are distributed under the Apache Software License, Version 2. -- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1] -- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2] -- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3] +- lib/com.fasterxml.jackson.core-jackson-annotations-2.17.1.jar [1] +- lib/com.fasterxml.jackson.core-jackson-core-2.17.1.jar [2] +- lib/com.fasterxml.jackson.core-jackson-databind-2.17.1.jar [3] - lib/com.google.guava-guava-32.0.1-jre.jar [4] - lib/com.google.guava-failureaccess-1.0.1.jar [4] - lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4] @@ -350,9 +350,9 @@ Apache Software License, Version 2. - lib/org.jetbrains.kotlin-kotlin-stdlib-jdk7-1.6.20.jar [56] - lib/org.jetbrains.kotlin-kotlin-stdlib-jdk8-1.6.20.jar [56] -[1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4 -[2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4 -[3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2 +[1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.17.1 +[2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.17.1 +[3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.17.1 [4] Source available at https://github.com/google/guava/tree/v32.0.1 [5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2 [6] Source available at https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2 diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt index 646b19b208..887646ba6e 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt @@ -205,9 +205,9 @@ The following bundled 3rd party jars are distributed under the Apache Software License, Version 2. -- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1] -- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2] -- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3] +- lib/com.fasterxml.jackson.core-jackson-annotations-2.17.1.jar [1] +- lib/com.fasterxml.jackson.core-jackson-core-2.17.1.jar [2] +- lib/com.fasterxml.jackson.core-jackson-databind-2.17.1.jar [3] - lib/com.google.guava-guava-32.0.1-jre.jar [4] - lib/com.google.guava-failureaccess-1.0.1.jar [4] - lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4] @@ -293,9 +293,9 @@ Apache Software License, Version 2. - lib/io.reactivex.rxjava3-rxjava-3.0.1.jar [51] - lib/com.carrotsearch-hppc-0.9.1.jar [52] -[1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4 -[2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4 -[3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2 +[1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.17.1 +[2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.17.1 +[3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.17.1 [4] Source available at https://github.com/google/guava/tree/v32.0.1 [5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2 [6] Source available at https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2 diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt index 93e8a827ce..5ef75c9923 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt @@ -205,9 +205,9 @@ The following bundled 3rd party jars are distributed under the Apache Software License, Version 2. -- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1] -- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2] -- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3] +- lib/com.fasterxml.jackson.core-jackson-annotations-2.17.1.jar [1] +- lib/com.fasterxml.jackson.core-jackson-core-2.17.1.jar [2] +- lib/com.fasterxml.jackson.core-jackson-databind-2.17.1.jar [3] - lib/com.google.guava-guava-32.0.1-jre.jar [4] - lib/com.google.guava-failureaccess-1.0.1.jar [4] - lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4] @@ -346,9 +346,9 @@ Apache Software License, Version 2. - lib/org.jetbrains.kotlin-kotlin-stdlib-jdk7-1.6.20.jar [55] - lib/org.jetbrains.kotlin-kotlin-stdlib-jdk8-1.6.20.jar [55] -[1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4 -[2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4 -[3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2 +[1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.17.1 +[2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.17.1 +[3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.17.1 [4] Source available at https://github.com/google/guava/tree/v32.0.1 [5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2 [6] Source available at https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2 diff --git a/pom.xml b/pom.xml index 447be7cfdc..93ee2a8c62 100644 --- a/pom.xml +++ b/pom.xml @@ -19,7 +19,7 @@ <parent> <groupId>org.apache</groupId> <artifactId>apache</artifactId> - <version>29</version> + <version>31</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>org.apache.bookkeeper</groupId> @@ -78,14 +78,14 @@ <subscribe>user-subscr...@bookkeeper.apache.org</subscribe> <unsubscribe>user-unsubscr...@bookkeeper.apache.org</unsubscribe> <post>u...@bookkeeper.apache.org</post> - <archive>http://www.mail-archive.com/user@bookkeeper.apache.org</archive> + <archive>https://www.mail-archive.com/user@bookkeeper.apache.org</archive> </mailingList> <mailingList> <name>BookKeeper Dev</name> <subscribe>dev-subscr...@bookkeeper.apache.org</subscribe> <unsubscribe>dev-unsubscr...@bookkeeper.apache.org</unsubscribe> <post>d...@bookkeeper.apache.org</post> - <archive>http://www.mail-archive.com/dev@bookkeeper.apache.org</archive> + <archive>https://www.mail-archive.com/dev@bookkeeper.apache.org</archive> </mailingList> <mailingList> <name>BookKeeper Commits</name> @@ -138,7 +138,7 @@ <kerby.version>1.1.1</kerby.version> <hadoop.version>3.3.5</hadoop.version> <hdrhistogram.version>2.1.10</hdrhistogram.version> - <jackson.version>2.13.4.20221013</jackson.version> + <jackson.version>2.17.1</jackson.version> <jcommander.version>1.82</jcommander.version> <jetty.version>9.4.53.v20231009</jetty.version> <jmh.version>1.37</jmh.version>