[zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1

nkalmar Wed, 06 Jan 2021 10:50:24 -0800

This is an automated email from the ASF dual-hosted git repository.

nkalmar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git



The following commit(s) were added to refs/heads/master by this push:
     new 676d10b  ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 
2.10.5.1
676d10b is described below

commit 676d10b2fad97c69e4083619cb1db223ed1896a4
Author: Edwin Hobor <[email protected]>
AuthorDate: Wed Jan 6 19:50:08 2021 +0100

    ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
    
    Jackson reported a vulnerability under CVE-2020-25649. Upgrading to 
2.10.5.1 will resolve the problem. See 
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.10#micro-patches 
for more details.
    
    Author: Edwin Hobor <[email protected]>
    
    Reviewers: Mate Szalay-Beko <[email protected]>, Norbert Kalmar 
<[email protected]>
    
    Closes #1572 from edwin092/ZOOKEEPER-4045
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 837dcef..1c485d9 100755
--- a/pom.xml
+++ b/pom.xml
@@ -439,7 +439,7 @@
     <commons-cli.version>1.4</commons-cli.version>
     <netty.version>4.1.50.Final</netty.version>
     <jetty.version>9.4.35.v20201120</jetty.version>
-    <jackson.version>2.10.5</jackson.version>
+    <jackson.version>2.10.5.1</jackson.version>
     <jline.version>2.14.6</jline.version>
     <snappy.version>1.1.7.7</snappy.version>
     <kerby.version>2.0.0</kerby.version>

[zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1

Reply via email to