(pulsar) branch branch-4.0 updated: [fix][sec] Upgrade Jackson version to 2.18.6 (#25264)

mmerli Sun, 01 Mar 2026 14:51:38 -0800

This is an automated email from the ASF dual-hosted git repository.

mmerli pushed a commit to branch branch-4.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git



The following commit(s) were added to refs/heads/branch-4.0 by this push:
     new 63013a6f2c2 [fix][sec] Upgrade Jackson version to 2.18.6 (#25264)
63013a6f2c2 is described below

commit 63013a6f2c2f4869faaa0669ed4b0d4e762955e9
Author: Oneby Wang <[email protected]>
AuthorDate: Mon Mar 2 06:46:45 2026 +0800

    [fix][sec] Upgrade Jackson version to 2.18.6 (#25264)
---
 distribution/server/src/assemble/LICENSE.bin.txt | 22 +++++++++++-----------
 distribution/shell/src/assemble/LICENSE.bin.txt  | 22 +++++++++++-----------
 pom.xml                                          |  2 +-
 3 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt 
b/distribution/server/src/assemble/LICENSE.bin.txt
index d56ac347495..a903ce0a862 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -249,17 +249,17 @@ The Apache Software License, Version 2.0
      - info.picocli-picocli-shell-jline3-4.7.5.jar
  * High Performance Primitive Collections for Java -- 
com.carrotsearch-hppc-0.9.1.jar
  * Jackson
-     - com.fasterxml.jackson.core-jackson-annotations-2.17.2.jar
-     - com.fasterxml.jackson.core-jackson-core-2.17.2.jar
-     - com.fasterxml.jackson.core-jackson-databind-2.17.2.jar
-     - com.fasterxml.jackson.dataformat-jackson-dataformat-yaml-2.17.2.jar
-     - com.fasterxml.jackson.jaxrs-jackson-jaxrs-base-2.17.2.jar
-     - com.fasterxml.jackson.jaxrs-jackson-jaxrs-json-provider-2.17.2.jar
-     - com.fasterxml.jackson.module-jackson-module-jaxb-annotations-2.17.2.jar
-     - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.17.2.jar
-     - com.fasterxml.jackson.datatype-jackson-datatype-jdk8-2.17.2.jar
-     - com.fasterxml.jackson.datatype-jackson-datatype-jsr310-2.17.2.jar
-     - com.fasterxml.jackson.module-jackson-module-parameter-names-2.17.2.jar
+     - com.fasterxml.jackson.core-jackson-annotations-2.18.6.jar
+     - com.fasterxml.jackson.core-jackson-core-2.18.6.jar
+     - com.fasterxml.jackson.core-jackson-databind-2.18.6.jar
+     - com.fasterxml.jackson.dataformat-jackson-dataformat-yaml-2.18.6.jar
+     - com.fasterxml.jackson.jaxrs-jackson-jaxrs-base-2.18.6.jar
+     - com.fasterxml.jackson.jaxrs-jackson-jaxrs-json-provider-2.18.6.jar
+     - com.fasterxml.jackson.module-jackson-module-jaxb-annotations-2.18.6.jar
+     - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.18.6.jar
+     - com.fasterxml.jackson.datatype-jackson-datatype-jdk8-2.18.6.jar
+     - com.fasterxml.jackson.datatype-jackson-datatype-jsr310-2.18.6.jar
+     - com.fasterxml.jackson.module-jackson-module-parameter-names-2.18.6.jar
  * Caffeine -- com.github.ben-manes.caffeine-caffeine-2.9.1.jar
  * Conscrypt -- org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar
  * Fastutil -- it.unimi.dsi-fastutil-8.5.16.jar
diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt 
b/distribution/shell/src/assemble/LICENSE.bin.txt
index b0f84cafa47..5769ecde6dc 100644
--- a/distribution/shell/src/assemble/LICENSE.bin.txt
+++ b/distribution/shell/src/assemble/LICENSE.bin.txt
@@ -313,17 +313,17 @@ The Apache Software License, Version 2.0
      - picocli-4.7.5.jar
      - picocli-shell-jline3-4.7.5.jar
  * Jackson
-     - jackson-annotations-2.17.2.jar
-     - jackson-core-2.17.2.jar
-     - jackson-databind-2.17.2.jar
-     - jackson-dataformat-yaml-2.17.2.jar
-     - jackson-jaxrs-base-2.17.2.jar
-     - jackson-jaxrs-json-provider-2.17.2.jar
-     - jackson-module-jaxb-annotations-2.17.2.jar
-     - jackson-module-jsonSchema-2.17.2.jar
-     - jackson-datatype-jdk8-2.17.2.jar
-     - jackson-datatype-jsr310-2.17.2.jar
-     - jackson-module-parameter-names-2.17.2.jar
+     - jackson-annotations-2.18.6.jar
+     - jackson-core-2.18.6.jar
+     - jackson-databind-2.18.6.jar
+     - jackson-dataformat-yaml-2.18.6.jar
+     - jackson-jaxrs-base-2.18.6.jar
+     - jackson-jaxrs-json-provider-2.18.6.jar
+     - jackson-module-jaxb-annotations-2.18.6.jar
+     - jackson-module-jsonSchema-2.18.6.jar
+     - jackson-datatype-jdk8-2.18.6.jar
+     - jackson-datatype-jsr310-2.18.6.jar
+     - jackson-module-parameter-names-2.18.6.jar
  * Conscrypt -- conscrypt-openjdk-uber-2.5.2.jar
  * Gson
     - gson-2.13.2.jar
diff --git a/pom.xml b/pom.xml
index 797cc1409f0..7df08b5a352 100644
--- a/pom.xml
+++ b/pom.xml
@@ -202,7 +202,7 @@ flexible messaging model and an intuitive client 
API.</description>
     
<bouncycastle.bcprov-ext-jdk18on.version>1.78.1</bouncycastle.bcprov-ext-jdk18on.version>
     <bouncycastle.bcpkix-fips.version>2.0.10</bouncycastle.bcpkix-fips.version>
     <bouncycastle.bc-fips.version>2.0.1</bouncycastle.bc-fips.version>
-    <jackson.version>2.17.2</jackson.version>
+    <jackson.version>2.18.6</jackson.version>
     <fastutil.version>8.5.16</fastutil.version>
     <reflections.version>0.10.2</reflections.version>
     <swagger.version>1.6.2</swagger.version>

(pulsar) branch branch-4.0 updated: [fix][sec] Upgrade Jackson version to 2.18.6 (#25264)

Reply via email to