This is an automated email from the ASF dual-hosted git repository.
krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 6b080d8 KNOX-1939 - Upgrade jackson-databind to 2.9.9.1
6b080d8 is described below
commit 6b080d8fe298fdca33b3479c8a78e0d4ab8e82d0
Author: Zsombor Gegesy <[email protected]>
AuthorDate: Thu Jul 25 14:29:29 2019 +0200
KNOX-1939 - Upgrade jackson-databind to 2.9.9.1
Change-Id: Id13def45fa51f9c114497d48b91c909790ae31d3
Signed-off-by: Kevin Risden <[email protected]>
---
pom.xml | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 94c82b9..ea85896 100644
--- a/pom.xml
+++ b/pom.xml
@@ -183,6 +183,11 @@
<httpcore.version>4.4.11</httpcore.version>
<j2e-pac4j.version>4.1.0</j2e-pac4j.version>
<jackson.version>2.9.9</jackson.version>
+ <!--
+ jackson-databind released a small bug fix for a CVE
+ remove the extra version when jackson version is bumped to 2.10.x
+ -->
+ <jackson-databind.version>2.9.9.1</jackson-databind.version>
<jacoco-maven-plugin.version>0.8.4</jacoco-maven-plugin.version>
<jansi.version>1.18</jansi.version>
<javax.activation.version>1.2.0</javax.activation.version>
@@ -1457,7 +1462,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
+ <version>${jackson-databind.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
