[pulsar] branch branch-2.10 updated: Revert "[branch-2.10][improve][build] Upgrade jackson version to 2.15.0 for CVE-2022-1471 (#20181)"

Tue, 25 Apr 2023 17:57:53 -0700 

This is an automated email from the ASF dual-hosted git repository.

mattisonchao pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-2.10 by this push:
     new b062d8ceb40 Revert "[branch-2.10][improve][build] Upgrade jackson 
version to 2.15.0 for CVE-2022-1471 (#20181)"
b062d8ceb40 is described below

commit b062d8ceb4042a5f0203376f6cfd01706564d9ea
Author: mattisonchao <[email protected]>
AuthorDate: Wed Apr 26 08:56:53 2023 +0800

    Revert "[branch-2.10][improve][build] Upgrade jackson version to 2.15.0 for 
CVE-2022-1471 (#20181)"
    
    This reverts commit d3766c8105507570866613815e61e829ddcbd899.
---
 distribution/server/src/assemble/LICENSE.bin.txt   | 16 ++++++-------
 pom.xml                                            |  2 +-
 .../org/apache/pulsar/common/util/FieldParser.java |  7 ++++--
 pulsar-sql/presto-distribution/LICENSE             | 28 +++++++++++-----------
 4 files changed, 28 insertions(+), 25 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt 
b/distribution/server/src/assemble/LICENSE.bin.txt
index ab739843481..7ead9d790a8 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -312,14 +312,14 @@ The Apache Software License, Version 2.0
  * JCommander -- com.beust-jcommander-1.78.jar
  * High Performance Primitive Collections for Java -- 
com.carrotsearch-hppc-0.7.3.jar
  * Jackson
-     - com.fasterxml.jackson.core-jackson-annotations-2.15.0.jar
-     - com.fasterxml.jackson.core-jackson-core-2.15.0.jar
-     - com.fasterxml.jackson.core-jackson-databind-2.15.0.jar
-     - com.fasterxml.jackson.dataformat-jackson-dataformat-yaml-2.15.0.jar
-     - com.fasterxml.jackson.jaxrs-jackson-jaxrs-base-2.15.0.jar
-     - com.fasterxml.jackson.jaxrs-jackson-jaxrs-json-provider-2.15.0.jar
-     - com.fasterxml.jackson.module-jackson-module-jaxb-annotations-2.15.0.jar
-     - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.15.0.jar
+     - com.fasterxml.jackson.core-jackson-annotations-2.14.2.jar
+     - com.fasterxml.jackson.core-jackson-core-2.14.2.jar
+     - com.fasterxml.jackson.core-jackson-databind-2.14.2.jar
+     - com.fasterxml.jackson.dataformat-jackson-dataformat-yaml-2.14.2.jar
+     - com.fasterxml.jackson.jaxrs-jackson-jaxrs-base-2.14.2.jar
+     - com.fasterxml.jackson.jaxrs-jackson-jaxrs-json-provider-2.14.2.jar
+     - com.fasterxml.jackson.module-jackson-module-jaxb-annotations-2.14.2.jar
+     - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.14.2.jar
  * Caffeine -- com.github.ben-manes.caffeine-caffeine-2.9.1.jar
  * Conscrypt -- org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar
  * Proto Google Common Protos -- 
com.google.api.grpc-proto-google-common-protos-2.0.1.jar
diff --git a/pom.xml b/pom.xml
index f5ae86aa331..e1acfb6b74b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -124,7 +124,7 @@ flexible messaging model and an intuitive client 
API.</description>
     <log4j2.version>2.18.0</log4j2.version>
     <bouncycastle.version>1.69</bouncycastle.version>
     <bouncycastlefips.version>1.0.2</bouncycastlefips.version>
-    <jackson.version>2.15.0</jackson.version>
+    <jackson.version>2.14.2</jackson.version>
     <reflections.version>0.9.11</reflections.version>
     <swagger.version>1.6.10</swagger.version>
     <puppycrawl.checkstyle.version>8.37</puppycrawl.checkstyle.version>
diff --git 
a/pulsar-common/src/main/java/org/apache/pulsar/common/util/FieldParser.java 
b/pulsar-common/src/main/java/org/apache/pulsar/common/util/FieldParser.java
index a135c63febd..40450584764 100644
--- a/pulsar-common/src/main/java/org/apache/pulsar/common/util/FieldParser.java
+++ b/pulsar-common/src/main/java/org/apache/pulsar/common/util/FieldParser.java
@@ -21,6 +21,8 @@ package org.apache.pulsar.common.util;
 import static com.google.common.base.Preconditions.checkArgument;
 import static java.lang.String.format;
 import static java.util.Objects.requireNonNull;
+import com.fasterxml.jackson.databind.AnnotationIntrospector;
+import com.fasterxml.jackson.databind.introspect.JacksonAnnotationIntrospector;
 import com.fasterxml.jackson.databind.util.EnumResolver;
 import java.lang.reflect.Field;
 import java.lang.reflect.Method;
@@ -56,6 +58,8 @@ public final class FieldParser {
     private static final Map<String, Method> CONVERTERS = new HashMap<>();
     private static final Map<Class<?>, Class<?>> WRAPPER_TYPES = new 
HashMap<>();
 
+    private static final AnnotationIntrospector ANNOTATION_INTROSPECTOR = new 
JacksonAnnotationIntrospector();
+
     static {
         // Preload converters and wrapperTypes.
         initConverters();
@@ -96,8 +100,7 @@ public final class FieldParser {
 
         if (to.isEnum()) {
             // Converting string to enum
-            EnumResolver r = 
EnumResolver.constructUsingToString(ObjectMapperFactory.getThreadLocal()
-                            .getDeserializationConfig(), to);
+            EnumResolver r = 
EnumResolver.constructUsingToString((Class<Enum<?>>) to, 
ANNOTATION_INTROSPECTOR);
             T value = (T) r.findEnum((String) from);
             if (value == null) {
                 throw new RuntimeException("Invalid value '" + from + "' for 
enum " + to);
diff --git a/pulsar-sql/presto-distribution/LICENSE 
b/pulsar-sql/presto-distribution/LICENSE
index aaa47a3c2e9..4c59ab739e2 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -207,19 +207,19 @@ This projects includes binary packages with the following 
licenses:
 The Apache Software License, Version 2.0
 
   * Jackson
-    - jackson-annotations-2.15.0.jar
-    - jackson-core-2.15.0.jar
-    - jackson-databind-2.15.0.jar
-    - jackson-dataformat-smile-2.15.0.jar
-    - jackson-datatype-guava-2.15.0.jar
-    - jackson-datatype-jdk8-2.15.0.jar
-    - jackson-datatype-joda-2.15.0.jar
-    - jackson-datatype-jsr310-2.15.0.jar
-    - jackson-dataformat-yaml-2.15.0.jar
-    - jackson-jaxrs-base-2.15.0.jar
-    - jackson-jaxrs-json-provider-2.15.0.jar
-    - jackson-module-jaxb-annotations-2.15.0.jar
-    - jackson-module-jsonSchema-2.15.0.jar
+    - jackson-annotations-2.14.2.jar
+    - jackson-core-2.14.2.jar
+    - jackson-databind-2.14.2.jar
+    - jackson-dataformat-smile-2.14.2.jar
+    - jackson-datatype-guava-2.14.2.jar
+    - jackson-datatype-jdk8-2.14.2.jar
+    - jackson-datatype-joda-2.14.2.jar
+    - jackson-datatype-jsr310-2.14.2.jar
+    - jackson-dataformat-yaml-2.14.2.jar
+    - jackson-jaxrs-base-2.14.2.jar
+    - jackson-jaxrs-json-provider-2.14.2.jar
+    - jackson-module-jaxb-annotations-2.14.2.jar
+    - jackson-module-jsonSchema-2.14.2.jar
  * Guava
     - guava-31.0.1-jre.jar
     - listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
@@ -459,7 +459,7 @@ The Apache Software License, Version 2.0
   * Snappy
     - snappy-java-1.1.7.jar
   * Jackson
-    - jackson-module-parameter-names-2.15.0.jar
+    - jackson-module-parameter-names-2.14.2.jar
   * Java Assist
     - javassist-3.25.0-GA.jar
   * Java Native Access

Reply via email to