[
https://issues.apache.org/jira/browse/AVRO-3658?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17630586#comment-17630586
]
ASF subversion and git services commented on AVRO-3658:
-------------------------------------------------------
Commit edd59e166c0ff06f3b5af2c27af056d559a76aeb in avro's branch
refs/heads/avro-3646-serde-for-enum-mixed-variants from dependabot[bot]
[ https://gitbox.apache.org/repos/asf?p=avro.git;h=edd59e166 ]
Bump jackson-bom from 2.12.7.20221012 to 2.14.0 in /lang/java (#1944)
AVRO-3658: Bumps [jackson-bom](https://github.com/FasterXML/jackson-bom) from
2.12.7.20221012 to 2.14.0.
- [Release notes](https://github.com/FasterXML/jackson-bom/releases)
-
[Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.12.7.20221012...jackson-bom-2.14.0)
---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
> Bump jackson to address CVE-2020-36518
> --------------------------------------
>
> Key: AVRO-3658
> URL: https://issues.apache.org/jira/browse/AVRO-3658
> Project: Apache Avro
> Issue Type: Improvement
> Components: java
> Affects Versions: 1.11.1
> Reporter: Pavel Moskotin
> Assignee: Martin Tzvetanov Grigorov
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.12.0
>
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> Current version of Jackson dependency for AVRO/Java
> {code:xml}
> <jackson-bom.version>2.12.7.20221012</jackson-bom.version>
> {code}
> bringsĀ CVE-2020-36518.
> This is covered by next versions, for example - in
> {code:xml}
> <jackson-bom.version>2.13.4</jackson-bom.version>
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
