(pulsar) branch master updated: [fix][sec] Upgrade Jackson version to 2.18.6 (#25264)

Sun, 01 Mar 2026 14:47:05 -0800 

This is an automated email from the ASF dual-hosted git repository.

mmerli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new d992dc530be [fix][sec] Upgrade Jackson version to 2.18.6 (#25264)
d992dc530be is described below

commit d992dc530bea4f4737da93f1527133b1c9389a45
Author: Oneby Wang <[email protected]>
AuthorDate: Mon Mar 2 06:46:45 2026 +0800

    [fix][sec] Upgrade Jackson version to 2.18.6 (#25264)
---
 distribution/server/src/assemble/LICENSE.bin.txt | 22 +++++++++++-----------
 distribution/shell/src/assemble/LICENSE.bin.txt  | 22 +++++++++++-----------
 pom.xml                                          |  6 +++++-
 3 files changed, 27 insertions(+), 23 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt 
b/distribution/server/src/assemble/LICENSE.bin.txt
index 4a0eb2f52f9..4f582a1fd7b 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -249,17 +249,17 @@ The Apache Software License, Version 2.0
      - info.picocli-picocli-shell-jline3-4.7.5.jar
  * High Performance Primitive Collections for Java -- 
com.carrotsearch-hppc-0.9.1.jar
  * Jackson
-     - com.fasterxml.jackson.core-jackson-annotations-2.17.2.jar
-     - com.fasterxml.jackson.core-jackson-core-2.17.2.jar
-     - com.fasterxml.jackson.core-jackson-databind-2.17.2.jar
-     - com.fasterxml.jackson.dataformat-jackson-dataformat-yaml-2.17.2.jar
-     - com.fasterxml.jackson.jaxrs-jackson-jaxrs-base-2.17.2.jar
-     - com.fasterxml.jackson.jaxrs-jackson-jaxrs-json-provider-2.17.2.jar
-     - com.fasterxml.jackson.module-jackson-module-jaxb-annotations-2.17.2.jar
-     - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.17.2.jar
-     - com.fasterxml.jackson.datatype-jackson-datatype-jdk8-2.17.2.jar
-     - com.fasterxml.jackson.datatype-jackson-datatype-jsr310-2.17.2.jar
-     - com.fasterxml.jackson.module-jackson-module-parameter-names-2.17.2.jar
+     - com.fasterxml.jackson.core-jackson-annotations-2.18.6.jar
+     - com.fasterxml.jackson.core-jackson-core-2.18.6.jar
+     - com.fasterxml.jackson.core-jackson-databind-2.18.6.jar
+     - com.fasterxml.jackson.dataformat-jackson-dataformat-yaml-2.18.6.jar
+     - com.fasterxml.jackson.jaxrs-jackson-jaxrs-base-2.18.6.jar
+     - com.fasterxml.jackson.jaxrs-jackson-jaxrs-json-provider-2.18.6.jar
+     - com.fasterxml.jackson.module-jackson-module-jaxb-annotations-2.18.6.jar
+     - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.18.6.jar
+     - com.fasterxml.jackson.datatype-jackson-datatype-jdk8-2.18.6.jar
+     - com.fasterxml.jackson.datatype-jackson-datatype-jsr310-2.18.6.jar
+     - com.fasterxml.jackson.module-jackson-module-parameter-names-2.18.6.jar
  * Caffeine -- com.github.ben-manes.caffeine-caffeine-3.2.3.jar
  * Conscrypt -- org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar
  * Fastutil -- it.unimi.dsi-fastutil-8.5.16.jar
diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt 
b/distribution/shell/src/assemble/LICENSE.bin.txt
index 3219f66c953..6cb4dd912c3 100644
--- a/distribution/shell/src/assemble/LICENSE.bin.txt
+++ b/distribution/shell/src/assemble/LICENSE.bin.txt
@@ -313,17 +313,17 @@ The Apache Software License, Version 2.0
      - picocli-4.7.5.jar
      - picocli-shell-jline3-4.7.5.jar
  * Jackson
-     - jackson-annotations-2.17.2.jar
-     - jackson-core-2.17.2.jar
-     - jackson-databind-2.17.2.jar
-     - jackson-dataformat-yaml-2.17.2.jar
-     - jackson-jaxrs-base-2.17.2.jar
-     - jackson-jaxrs-json-provider-2.17.2.jar
-     - jackson-module-jaxb-annotations-2.17.2.jar
-     - jackson-module-jsonSchema-2.17.2.jar
-     - jackson-datatype-jdk8-2.17.2.jar
-     - jackson-datatype-jsr310-2.17.2.jar
-     - jackson-module-parameter-names-2.17.2.jar
+     - jackson-annotations-2.18.6.jar
+     - jackson-core-2.18.6.jar
+     - jackson-databind-2.18.6.jar
+     - jackson-dataformat-yaml-2.18.6.jar
+     - jackson-jaxrs-base-2.18.6.jar
+     - jackson-jaxrs-json-provider-2.18.6.jar
+     - jackson-module-jaxb-annotations-2.18.6.jar
+     - jackson-module-jsonSchema-2.18.6.jar
+     - jackson-datatype-jdk8-2.18.6.jar
+     - jackson-datatype-jsr310-2.18.6.jar
+     - jackson-module-parameter-names-2.18.6.jar
  * Conscrypt -- conscrypt-openjdk-uber-2.5.2.jar
  * Gson
     - gson-2.13.2.jar
diff --git a/pom.xml b/pom.xml
index 5d975391161..0d0e9039704 100644
--- a/pom.xml
+++ b/pom.xml
@@ -210,7 +210,7 @@ flexible messaging model and an intuitive client 
API.</description>
     
<bouncycastle.bcprov-ext-jdk18on.version>1.78.1</bouncycastle.bcprov-ext-jdk18on.version>
     <bouncycastle.bcpkix-fips.version>2.0.10</bouncycastle.bcpkix-fips.version>
     <bouncycastle.bc-fips.version>2.0.1</bouncycastle.bc-fips.version>
-    <jackson.version>2.17.2</jackson.version>
+    <jackson.version>2.18.6</jackson.version>
     <fastutil.version>8.5.16</fastutil.version>
     <jctools.version>4.0.5</jctools.version>
     <reflections.version>0.10.2</reflections.version>
@@ -1728,6 +1728,10 @@ flexible messaging model and an intuitive client 
API.</description>
             <groupId>jakarta.activation</groupId>
             <artifactId>jakarta.activation-api</artifactId>
           </exclusion>
+          <exclusion>
+            <groupId>javax.xml.bind</groupId>
+            <artifactId>jaxb-api</artifactId>
+          </exclusion>
         </exclusions>
       </dependency>

Reply via email to