This is an automated email from the ASF dual-hosted git repository. penghui pushed a commit to branch branch-2.8 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit e34b224bf6c6634d63adc36d56777370826c44bc Author: Lari Hotari <[email protected]> AuthorDate: Mon Jan 10 22:09:13 2022 +0200 [Security] Upgrade Jackson to 2.12.6 (#13694) * [Security] Upgrade Jackson to 2.12.6 * update LICENSE files --- distribution/server/src/assemble/LICENSE.bin.txt | 16 +++++++------- pom.xml | 4 ++-- pulsar-sql/presto-distribution/LICENSE | 28 ++++++++++++------------ pulsar-sql/presto-distribution/pom.xml | 4 ++-- 4 files changed, 26 insertions(+), 26 deletions(-) diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index 0c50f4c..e0458f2 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -312,14 +312,14 @@ The Apache Software License, Version 2.0 * JCommander -- com.beust-jcommander-1.78.jar * High Performance Primitive Collections for Java -- com.carrotsearch-hppc-0.7.3.jar * Jackson - - com.fasterxml.jackson.core-jackson-annotations-2.12.3.jar - - com.fasterxml.jackson.core-jackson-core-2.12.3.jar - - com.fasterxml.jackson.core-jackson-databind-2.12.3.jar - - com.fasterxml.jackson.dataformat-jackson-dataformat-yaml-2.12.3.jar - - com.fasterxml.jackson.jaxrs-jackson-jaxrs-base-2.12.3.jar - - com.fasterxml.jackson.jaxrs-jackson-jaxrs-json-provider-2.12.3.jar - - com.fasterxml.jackson.module-jackson-module-jaxb-annotations-2.12.3.jar - - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.12.3.jar + - com.fasterxml.jackson.core-jackson-annotations-2.12.6.jar + - com.fasterxml.jackson.core-jackson-core-2.12.6.jar + - com.fasterxml.jackson.core-jackson-databind-2.12.6.jar + - com.fasterxml.jackson.dataformat-jackson-dataformat-yaml-2.12.6.jar + - com.fasterxml.jackson.jaxrs-jackson-jaxrs-base-2.12.6.jar + - com.fasterxml.jackson.jaxrs-jackson-jaxrs-json-provider-2.12.6.jar + - com.fasterxml.jackson.module-jackson-module-jaxb-annotations-2.12.6.jar + - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.12.6.jar * Caffeine -- com.github.ben-manes.caffeine-caffeine-2.9.1.jar * Conscrypt -- org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar * Proto Google Common Protos -- com.google.api.grpc-proto-google-common-protos-1.17.0.jar diff --git a/pom.xml b/pom.xml index 84355ed..c22850e 100644 --- a/pom.xml +++ b/pom.xml @@ -122,8 +122,8 @@ flexible messaging model and an intuitive client API.</description> <log4j2.version>2.17.1</log4j2.version> <bouncycastle.version>1.69</bouncycastle.version> <bouncycastlefips.version>1.0.2</bouncycastlefips.version> - <jackson.version>2.12.3</jackson.version> - <jackson.databind.version>2.12.3</jackson.databind.version> + <jackson.version>2.12.6</jackson.version> + <jackson.databind.version>2.12.6</jackson.databind.version> <reflections.version>0.9.11</reflections.version> <swagger.version>1.6.2</swagger.version> <puppycrawl.checkstyle.version>8.37</puppycrawl.checkstyle.version> diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE index 9062e45..dbacae1 100644 --- a/pulsar-sql/presto-distribution/LICENSE +++ b/pulsar-sql/presto-distribution/LICENSE @@ -207,19 +207,19 @@ This projects includes binary packages with the following licenses: The Apache Software License, Version 2.0 * Jackson - - jackson-annotations-2.12.3.jar - - jackson-core-2.12.3.jar - - jackson-databind-2.12.3.jar - - jackson-dataformat-smile-2.12.3.jar - - jackson-datatype-guava-2.12.3.jar - - jackson-datatype-jdk8-2.12.3.jar - - jackson-datatype-joda-2.12.3.jar - - jackson-datatype-jsr310-2.12.3.jar - - jackson-dataformat-yaml-2.12.3.jar - - jackson-jaxrs-base-2.12.3.jar - - jackson-jaxrs-json-provider-2.12.3.jar - - jackson-module-jaxb-annotations-2.12.3.jar - - jackson-module-jsonSchema-2.12.3.jar + - jackson-annotations-2.12.6.jar + - jackson-core-2.12.6.jar + - jackson-databind-2.12.6.jar + - jackson-dataformat-smile-2.12.6.jar + - jackson-datatype-guava-2.12.6.jar + - jackson-datatype-jdk8-2.12.6.jar + - jackson-datatype-joda-2.12.6.jar + - jackson-datatype-jsr310-2.12.6.jar + - jackson-dataformat-yaml-2.12.6.jar + - jackson-jaxrs-base-2.12.6.jar + - jackson-jaxrs-json-provider-2.12.6.jar + - jackson-module-jaxb-annotations-2.12.6.jar + - jackson-module-jsonSchema-2.12.6.jar * Guava - guava-30.1-jre.jar - listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar @@ -439,7 +439,7 @@ The Apache Software License, Version 2.0 * Snappy - snappy-java-1.1.7.jar * Jackson - - jackson-module-parameter-names-2.12.3.jar + - jackson-module-parameter-names-2.12.6.jar * Java Assist - javassist-3.25.0-GA.jar * Java Native Access diff --git a/pulsar-sql/presto-distribution/pom.xml b/pulsar-sql/presto-distribution/pom.xml index 8cacd91..ca193f1 100644 --- a/pulsar-sql/presto-distribution/pom.xml +++ b/pulsar-sql/presto-distribution/pom.xml @@ -39,10 +39,10 @@ <objenesis.version>2.6</objenesis.version> <objectsize.version>0.0.12</objectsize.version> <guice.version>4.2.0</guice.version> - <jackson.version>2.12.3</jackson.version> + <jackson.version>2.12.6</jackson.version> <!--fix Security Vulnerabilities--> <!--https://www.cvedetails.com/vulnerability-list/vendor_id-15866/product_id-42991/Fasterxml-Jackson-databind.html--> - <jackson.databind.version>2.12.3</jackson.databind.version> + <jackson.databind.version>2.12.6</jackson.databind.version> <maven.version>3.0.5</maven.version> <guava.version>30.1-jre</guava.version> <asynchttpclient.version>2.12.1</asynchttpclient.version>
