This is an automated email from the ASF dual-hosted git repository.

ppalaga pushed a commit to branch 2.7.x
in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git


The following commit(s) were added to refs/heads/2.7.x by this push:
     new 68535892c4 Upgrade to com.alibaba:fastjson:1.2.83, fix CVE-2022-25845 
fastjson: autoType shutdown restriction bypass leads to deserialization
68535892c4 is described below

commit 68535892c459d2bd2879f403308493dc8bd3c100
Author: Peter Palaga <[email protected]>
AuthorDate: Fri Jul 1 13:49:12 2022 +0200

    Upgrade to com.alibaba:fastjson:1.2.83, fix CVE-2022-25845 fastjson: 
autoType shutdown restriction bypass leads to deserialization
---
 pom.xml                                                       | 1 +
 poms/bom/pom.xml                                              | 5 +++++
 poms/bom/src/main/generated/flattened-full-pom.xml            | 5 +++++
 poms/bom/src/main/generated/flattened-reduced-pom.xml         | 5 +++++
 poms/bom/src/main/generated/flattened-reduced-verbose-pom.xml | 5 +++++
 5 files changed, 21 insertions(+)

diff --git a/pom.xml b/pom.xml
index 0a6e9b1f6c..442f6ced95 100644
--- a/pom.xml
+++ b/pom.xml
@@ -80,6 +80,7 @@
         <derby.version>10.15.2.0</derby.version><!-- Spark -->
         <dropwizard-metrics.version>4.1.0</dropwizard-metrics.version><!-- 
@sync com.azure:azure-sdk-bom:${azure-sdk-bom.version} 
dep:io.dropwizard.metrics:metrics-core -->
         <eddsa.version>${eddsa-version}</eddsa.version>
+        <fastjson.version>1.2.83</fastjson.version><!-- This and the BOM entry 
can be removed once we are on Camel that brings factjson 1.2.83+ -->
         <freemarker.version>2.3.31</freemarker.version><!-- @sync 
io.quarkiverse.freemarker:quarkus-freemarker-parent:${quarkiverse-freemarker.version}
 prop:freemarker.version -->
         <fommil.netlib.core.version>1.1.2</fommil.netlib.core.version><!-- 
Mess in Weka transitive deps -->
         <github-api.version>1.111</github-api.version><!-- Used in a Groovy 
script bellow -->
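Review bot: The comment on the new `fastjson.version` property misspells the artifact as "factjson" and does not name the advisory, so a later search for the CVE id or for "fastjson" will not reliably find this pin. Since the property exists only to force a patched transitive version, the reason should be on the line itself, for example `<!-- CVE-2022-25845: remove this and the BOM entry once Camel brings fastjson 1.2.83+ -->`. The enclosing `<properties>` block starts and ends outside this hunk.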
diff --git a/poms/bom/pom.xml b/poms/bom/pom.xml
index cf43aaacfe..5abf6af8e5 100644
--- a/poms/bom/pom.xml
+++ b/poms/bom/pom.xml
@@ -70,6 +70,11 @@
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
+            <dependency>
+                <groupId>com.alibaba</groupId>
+                <artifactId>fastjson</artifactId>
+                <version>${fastjson.version}</version>
+            </dependency>
             <dependency>
                 <groupId>com.azure</groupId>
                 <artifactId>azure-sdk-bom</artifactId>
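Review bot: The managed `com.alibaba:fastjson` entry has no marker that it is a temporary security pin, and nothing in the change checks which version is actually resolved. A managed version overrides whatever Camel brings, so once Camel moves past 1.2.83 this entry would hold fastjson back to the older release unless someone remembers to delete it. Consider a comment at the entry such as `<!-- CVE-2022-25845 pin; drop when Camel's own fastjson is >= ${fastjson.version} -->`. A maven-enforcer `bannedDependencies` rule excluding fastjson below 1.2.83 would catch an application or extension that declares an older version directly. The surrounding `<dependencyManagement>` block continues outside this hunk.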
diff --git a/poms/bom/src/main/generated/flattened-full-pom.xml 
b/poms/bom/src/main/generated/flattened-full-pom.xml
index 49cab1591c..aaae33e177 100644
--- a/poms/bom/src/main/generated/flattened-full-pom.xml
+++ b/poms/bom/src/main/generated/flattened-full-pom.xml
@@ -50,6 +50,11 @@
   </distributionManagement>
   <dependencyManagement>
     <dependencies>
+      <dependency>
+        <groupId>com.alibaba</groupId><!-- 
org.apache.camel.quarkus:camel-quarkus-bom:${project.version} -->
+        <artifactId>fastjson</artifactId><!-- 
org.apache.camel.quarkus:camel-quarkus-bom:${project.version} -->
+        <version>1.2.83</version><!-- 
org.apache.camel.quarkus:camel-quarkus-bom:${project.version} -->
+      </dependency>
       <dependency>
         <groupId>org.apache.camel</groupId><!-- 
org.apache.camel.quarkus:camel-quarkus-bom:${project.version} -->
         <artifactId>camel-activemq</artifactId><!-- 
org.apache.camel.quarkus:camel-quarkus-bom:${project.version} -->
diff --git a/poms/bom/src/main/generated/flattened-reduced-pom.xml 
b/poms/bom/src/main/generated/flattened-reduced-pom.xml
index a7217d0ef4..d5b029e674 100644
--- a/poms/bom/src/main/generated/flattened-reduced-pom.xml
+++ b/poms/bom/src/main/generated/flattened-reduced-pom.xml
@@ -50,6 +50,11 @@
   </distributionManagement>
   <dependencyManagement>
     <dependencies>
+      <dependency>
+        <groupId>com.alibaba</groupId>
+        <artifactId>fastjson</artifactId>
+        <version>1.2.83</version>
+      </dependency>
       <dependency>
         <groupId>org.apache.camel</groupId>
         <artifactId>camel-activemq</artifactId>
diff --git a/poms/bom/src/main/generated/flattened-reduced-verbose-pom.xml 
b/poms/bom/src/main/generated/flattened-reduced-verbose-pom.xml
index f455ee315d..407610204a 100644
--- a/poms/bom/src/main/generated/flattened-reduced-verbose-pom.xml
+++ b/poms/bom/src/main/generated/flattened-reduced-verbose-pom.xml
@@ -50,6 +50,11 @@
   </distributionManagement>
   <dependencyManagement>
     <dependencies>
+      <dependency>
+        <groupId>com.alibaba</groupId><!-- 
org.apache.camel.quarkus:camel-quarkus-bom:${project.version} -->
+        <artifactId>fastjson</artifactId><!-- 
org.apache.camel.quarkus:camel-quarkus-bom:${project.version} -->
+        <version>1.2.83</version><!-- 
org.apache.camel.quarkus:camel-quarkus-bom:${project.version} -->
+      </dependency>
       <dependency>
         <groupId>org.apache.camel</groupId><!-- 
org.apache.camel.quarkus:camel-quarkus-bom:${project.version} -->
         <artifactId>camel-activemq</artifactId><!-- 
org.apache.camel.quarkus:camel-quarkus-bom:${project.version} -->
