This is an automated email from the ASF dual-hosted git repository.
agresch pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/storm.git
The following commit(s) were added to refs/heads/master by this push:
new c71e7ac49 [STORM-3820] use jackson-databind 2.10.5.1 (#3438)
c71e7ac49 is described below
commit c71e7ac498067de4ee2c5b9c9b6759cece5b0184
Author: PJ Fanning <[email protected]>
AuthorDate: Mon Apr 4 17:52:50 2022 +0200
[STORM-3820] use jackson-databind 2.10.5.1 (#3438)
* [STORM-3820] use jackson-databind 2.10.5.1 to avoid
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25649
---
DEPENDENCY-LICENSES | 31 ++++++++++++++++---------------
LICENSE-binary | 28 ++++++++++++++--------------
external/storm-cassandra/pom.xml | 1 -
external/storm-elasticsearch/pom.xml | 1 +
external/storm-hbase/pom.xml | 1 +
external/storm-kafka-client/pom.xml | 1 +
external/storm-kafka-migration/pom.xml | 1 +
external/storm-opentsdb/pom.xml | 1 +
external/storm-redis/pom.xml | 1 +
pom.xml | 3 ++-
sql/storm-sql-runtime/pom.xml | 1 +
storm-server/pom.xml | 1 +
storm-webapp/pom.xml | 1 +
13 files changed, 41 insertions(+), 31 deletions(-)
diff --git a/DEPENDENCY-LICENSES b/DEPENDENCY-LICENSES
index e08a168cb..6597c46a8 100644
--- a/DEPENDENCY-LICENSES
+++ b/DEPENDENCY-LICENSES
@@ -314,23 +314,24 @@ List of third-party dependencies grouped by their license
type.
* j2html (com.j2html:j2html:1.0.0 - http://j2html.com)
* J2ObjC Annotations (com.google.j2objc:j2objc-annotations:1.1 -
https://github.com/google/j2objc/)
* Jackson (org.codehaus.jackson:jackson-core-asl:1.9.13 -
http://jackson.codehaus.org)
- * Jackson-annotations
(com.fasterxml.jackson.core:jackson-annotations:2.10.0 -
http://github.com/FasterXML/jackson)
- * Jackson-core (com.fasterxml.jackson.core:jackson-core:2.10.0 -
https://github.com/FasterXML/jackson-core)
- * jackson-databind (com.fasterxml.jackson.core:jackson-databind:2.10.0
- http://github.com/FasterXML/jackson)
- * Jackson dataformat: CBOR
(com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.10.0 -
http://github.com/FasterXML/jackson-dataformats-binary)
- * Jackson dataformat: Smile
(com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.10.0 -
http://github.com/FasterXML/jackson-dataformats-binary)
- * Jackson-dataformat-YAML
(com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.10.0 -
https://github.com/FasterXML/jackson-dataformats-text)
- * Jackson datatype: Guava
(com.fasterxml.jackson.datatype:jackson-datatype-guava:2.10.0 -
https://github.com/FasterXML/jackson-datatypes-collections)
- * Jackson datatype: jdk8
(com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.10.0 -
https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jdk8)
- * Jackson datatype: JSR310
(com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.10.0 -
https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310)
- * Jackson-datatype-Joda
(com.fasterxml.jackson.datatype:jackson-datatype-joda:2.10.0 -
http://wiki.fasterxml.com/JacksonModuleJoda)
+ * Jackson-annotations
(com.fasterxml.jackson.core:jackson-annotations:2.10.5 -
http://github.com/FasterXML/jackson)
+ * Jackson-core (com.fasterxml.jackson.core:jackson-core:2.10.5 -
https://github.com/FasterXML/jackson-core)
+ * jackson-databind
(com.fasterxml.jackson.core:jackson-databind:2.10.5.1 -
http://github.com/FasterXML/jackson)
+ * jackson-databind (com.fasterxml.jackson.core:jackson-databind:2.10.5
- http://github.com/FasterXML/jackson)
+ * Jackson dataformat: CBOR
(com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.10.5 -
http://github.com/FasterXML/jackson-dataformats-binary)
+ * Jackson dataformat: Smile
(com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.10.5 -
http://github.com/FasterXML/jackson-dataformats-binary)
+ * Jackson-dataformat-YAML
(com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.10.5 -
https://github.com/FasterXML/jackson-dataformats-text)
+ * Jackson datatype: Guava
(com.fasterxml.jackson.datatype:jackson-datatype-guava:2.10.5 -
https://github.com/FasterXML/jackson-datatypes-collections)
+ * Jackson datatype: jdk8
(com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.10.5 -
https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jdk8)
+ * Jackson datatype: JSR310
(com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.10.5 -
https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310)
+ * Jackson-datatype-Joda
(com.fasterxml.jackson.datatype:jackson-datatype-joda:2.10.5 -
http://wiki.fasterxml.com/JacksonModuleJoda)
* Jackson Integration for Metrics
(io.dropwizard.metrics:metrics-json:3.1.0 -
http://metrics.codahale.com/metrics-json/)
* Jackson Integration for Metrics
(io.dropwizard.metrics:metrics-json:4.0.5 -
http://metrics.dropwizard.io/metrics-json)
- * Jackson-JAXRS-base
(com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:2.10.0 -
http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-base)
- * Jackson-JAXRS-JSON
(com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:2.10.0 -
http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-json-provider)
- * Jackson module: Afterburner
(com.fasterxml.jackson.module:jackson-module-afterburner:2.10.0 -
https://github.com/FasterXML/jackson-modules-base)
- * Jackson module: JAXB Annotations
(com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.10.0 -
https://github.com/FasterXML/jackson-modules-base)
- * Jackson-module-parameter-names
(com.fasterxml.jackson.module:jackson-module-parameter-names:2.10.0 -
https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names)
+ * Jackson-JAXRS-base
(com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:2.10.5 -
http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-base)
+ * Jackson-JAXRS-JSON
(com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:2.10.5 -
http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-json-provider)
+ * Jackson module: Afterburner
(com.fasterxml.jackson.module:jackson-module-afterburner:2.10.5 -
https://github.com/FasterXML/jackson-modules-base)
+ * Jackson module: JAXB Annotations
(com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.10.5 -
https://github.com/FasterXML/jackson-modules-base)
+ * Jackson-module-parameter-names
(com.fasterxml.jackson.module:jackson-module-parameter-names:2.10.5 -
https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names)
* jasper-compiler (tomcat:jasper-compiler:5.5.23 -
http://tomcat.apache.org/jasper-compiler)
* jasper-runtime (tomcat:jasper-runtime:5.5.23 -
http://tomcat.apache.org/jasper-runtime)
* Java Authentication SPI for Containers
(org.apache.geronimo.specs:geronimo-jaspic_1.0_spec:1.0 -
http://geronimo.apache.org/maven/specs/geronimo-jaspic_1.0_spec/1.0)
diff --git a/LICENSE-binary b/LICENSE-binary
index c18163179..9fc6ac2fb 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -851,22 +851,22 @@ The license texts of these dependencies can be found in
the licenses directory.
* j2html (com.j2html:j2html:1.0.0 - http://j2html.com)
* J2ObjC Annotations (com.google.j2objc:j2objc-annotations:1.1 -
https://github.com/google/j2objc/)
* Jackson (org.codehaus.jackson:jackson-core-asl:1.9.13 -
http://jackson.codehaus.org)
- * Jackson-annotations
(com.fasterxml.jackson.core:jackson-annotations:2.10.0 -
http://github.com/FasterXML/jackson)
- * Jackson-core (com.fasterxml.jackson.core:jackson-core:2.10.0 -
https://github.com/FasterXML/jackson-core)
- * jackson-databind (com.fasterxml.jackson.core:jackson-databind:2.10.0
- http://github.com/FasterXML/jackson)
- * Jackson dataformat: Smile
(com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.10.0 -
http://github.com/FasterXML/jackson-dataformats-binary)
- * Jackson-dataformat-YAML
(com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.10.0 -
https://github.com/FasterXML/jackson-dataformats-text)
- * Jackson datatype: Guava
(com.fasterxml.jackson.datatype:jackson-datatype-guava:2.10.0 -
https://github.com/FasterXML/jackson-datatypes-collections)
- * Jackson datatype: jdk8
(com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.10.0 -
https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jdk8)
- * Jackson datatype: JSR310
(com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.10.0 -
https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310)
- * Jackson-datatype-Joda
(com.fasterxml.jackson.datatype:jackson-datatype-joda:2.10.0 -
http://wiki.fasterxml.com/JacksonModuleJoda)
+ * Jackson-annotations
(com.fasterxml.jackson.core:jackson-annotations:2.10.5 -
http://github.com/FasterXML/jackson)
+ * Jackson-core (com.fasterxml.jackson.core:jackson-core:2.10.5 -
https://github.com/FasterXML/jackson-core)
+ * jackson-databind (com.fasterxml.jackson.core:jackson-databind:2.10.5
- http://github.com/FasterXML/jackson)
+ * Jackson dataformat: Smile
(com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.10.5 -
http://github.com/FasterXML/jackson-dataformats-binary)
+ * Jackson-dataformat-YAML
(com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.10.5 -
https://github.com/FasterXML/jackson-dataformats-text)
+ * Jackson datatype: Guava
(com.fasterxml.jackson.datatype:jackson-datatype-guava:2.10.5 -
https://github.com/FasterXML/jackson-datatypes-collections)
+ * Jackson datatype: jdk8
(com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.10.5 -
https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jdk8)
+ * Jackson datatype: JSR310
(com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.10.5 -
https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310)
+ * Jackson-datatype-Joda
(com.fasterxml.jackson.datatype:jackson-datatype-joda:2.10.5 -
http://wiki.fasterxml.com/JacksonModuleJoda)
* Jackson Integration for Metrics
(io.dropwizard.metrics:metrics-json:3.1.0 -
http://metrics.codahale.com/metrics-json/)
* Jackson Integration for Metrics
(io.dropwizard.metrics:metrics-json:4.0.5 -
http://metrics.dropwizard.io/metrics-json)
- * Jackson-JAXRS-base
(com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:2.10.0 -
http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-base)
- * Jackson-JAXRS-JSON
(com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:2.10.0 -
http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-json-provider)
- * Jackson module: Afterburner
(com.fasterxml.jackson.module:jackson-module-afterburner:2.10.0 -
https://github.com/FasterXML/jackson-modules-base)
- * Jackson module: JAXB Annotations
(com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.10.0 -
https://github.com/FasterXML/jackson-modules-base)
- * Jackson-module-parameter-names
(com.fasterxml.jackson.module:jackson-module-parameter-names:2.10.0 -
https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names)
+ * Jackson-JAXRS-base
(com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:2.10.5 -
http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-base)
+ * Jackson-JAXRS-JSON
(com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:2.10.5 -
http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-json-provider)
+ * Jackson module: Afterburner
(com.fasterxml.jackson.module:jackson-module-afterburner:2.10.5 -
https://github.com/FasterXML/jackson-modules-base)
+ * Jackson module: JAXB Annotations
(com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.10.5 -
https://github.com/FasterXML/jackson-modules-base)
+ * Jackson-module-parameter-names
(com.fasterxml.jackson.module:jackson-module-parameter-names:2.10.5 -
https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names)
* jasper-compiler (tomcat:jasper-compiler:5.5.23 -
http://tomcat.apache.org/jasper-compiler)
* jasper-runtime (tomcat:jasper-runtime:5.5.23 -
http://tomcat.apache.org/jasper-runtime)
diff --git a/external/storm-cassandra/pom.xml b/external/storm-cassandra/pom.xml
index 9b1597ebd..325b4fd5e 100644
--- a/external/storm-cassandra/pom.xml
+++ b/external/storm-cassandra/pom.xml
@@ -33,7 +33,6 @@
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<org.slf4j.version>1.7.6</org.slf4j.version>
- <jackson.databind.version>2.3.2</jackson.databind.version>
<junit.version>4.11</junit.version>
<guava.version>16.0.1</guava.version>
<commons-lang3.version>3.3</commons-lang3.version>
diff --git a/external/storm-elasticsearch/pom.xml
b/external/storm-elasticsearch/pom.xml
index da4f5d0d1..8e86890e1 100644
--- a/external/storm-elasticsearch/pom.xml
+++ b/external/storm-elasticsearch/pom.xml
@@ -78,6 +78,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
+ <version>${jackson.databind.version}</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
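Review bot: Setting `<version>${jackson.databind.version}</version>` on the dependency here, and again in storm-hbase, storm-kafka-client, storm-kafka-migration, storm-opentsdb, storm-redis, storm-sql-runtime, storm-server and storm-webapp, only covers modules that declare jackson-databind directly. A module that receives it transitively would presumably still resolve to the version the parent manages. The new DEPENDENCY-LICENSES text lists both 2.10.5.1 and 2.10.5, and LICENSE-binary lists only 2.10.5, which suggests the release affected by CVE-2020-25649 is still on some classpath. Pinning it once in the root pom's `<dependencyManagement>` entry for jackson-databind (not visible in this diff) with `<version>${jackson.databind.version}</version>` would cover every module and make the per-module lines unnecessary. Running `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core:jackson-databind` would confirm that nothing still resolves 2.10.5.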
diff --git a/external/storm-hbase/pom.xml b/external/storm-hbase/pom.xml
index 831740e79..4a93432e1 100644
--- a/external/storm-hbase/pom.xml
+++ b/external/storm-hbase/pom.xml
@@ -103,6 +103,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
+ <version>${jackson.databind.version}</version>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
diff --git a/external/storm-kafka-client/pom.xml
b/external/storm-kafka-client/pom.xml
index d16e0a4c7..5599c0767 100644
--- a/external/storm-kafka-client/pom.xml
+++ b/external/storm-kafka-client/pom.xml
@@ -77,6 +77,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
+ <version>${jackson.databind.version}</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
diff --git a/external/storm-kafka-migration/pom.xml
b/external/storm-kafka-migration/pom.xml
index 54e90482a..52a062bce 100644
--- a/external/storm-kafka-migration/pom.xml
+++ b/external/storm-kafka-migration/pom.xml
@@ -49,6 +49,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
+ <version>${jackson.databind.version}</version>
</dependency>
<dependency>
diff --git a/external/storm-opentsdb/pom.xml b/external/storm-opentsdb/pom.xml
index ab575e382..bb312c069 100644
--- a/external/storm-opentsdb/pom.xml
+++ b/external/storm-opentsdb/pom.xml
@@ -53,6 +53,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
+ <version>${jackson.databind.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.core</groupId>
diff --git a/external/storm-redis/pom.xml b/external/storm-redis/pom.xml
index e8ff18471..cf3c2b4c0 100644
--- a/external/storm-redis/pom.xml
+++ b/external/storm-redis/pom.xml
@@ -67,6 +67,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
+ <version>${jackson.databind.version}</version>
</dependency>
<!--test dependencies -->
<dependency>
diff --git a/pom.xml b/pom.xml
index 2645ffe2a..d9f2a5126 100644
--- a/pom.xml
+++ b/pom.xml
@@ -338,7 +338,8 @@
<activemq.version>5.15.15</activemq.version>
<rocketmq.version>4.2.0</rocketmq.version>
- <jackson.version>2.10.0</jackson.version>
+ <jackson.version>2.10.5</jackson.version>
+ <jackson.databind.version>2.10.5.1</jackson.databind.version>
<storm.kafka.client.version>0.11.0.3</storm.kafka.client.version>
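Review bot: The new `jackson.databind.version` property has no comment explaining why it differs from `jackson.version`. A later bump of `jackson.version` could leave databind behind, or someone could fold the two back together onto a release without the fix. A comment above it such as `<!-- databind pinned separately to 2.10.5.1 for CVE-2020-25649; realign with jackson.version on the next Jackson upgrade -->` would record the reason. The `<properties>` block starts and ends outside this hunk.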
diff --git a/sql/storm-sql-runtime/pom.xml b/sql/storm-sql-runtime/pom.xml
index 55b3c3cb9..993728395 100644
--- a/sql/storm-sql-runtime/pom.xml
+++ b/sql/storm-sql-runtime/pom.xml
@@ -97,6 +97,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
+ <version>${jackson.databind.version}</version>
</dependency>
<dependency>
<groupId>org.apache.avro</groupId>
diff --git a/storm-server/pom.xml b/storm-server/pom.xml
index 0b999333a..d26e89ebe 100644
--- a/storm-server/pom.xml
+++ b/storm-server/pom.xml
@@ -128,6 +128,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
+ <version>${jackson.databind.version}</version>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
diff --git a/storm-webapp/pom.xml b/storm-webapp/pom.xml
index 865641db8..c4e63996c 100644
--- a/storm-webapp/pom.xml
+++ b/storm-webapp/pom.xml
@@ -77,6 +77,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
+ <version>${jackson.databind.version}</version>
</dependency>
<dependency>