Change in asterixdb[neo]: [NO ISSUE][HYR] Update Jackson to 2.19.2 to address CVEs

Fri, 22 Aug 2025 15:42:07 -0700 

>From Michael Blow <mb...@apache.org>:

Attention is currently required from: Ali Alsuliman.
Hello Ali Alsuliman, Jenkins, Anon. E. Moose #1000171,

I'd like you to reexamine a change. Please visit

    https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/20251

to look at the new patch set (#8).

Change subject: [NO ISSUE][HYR] Update Jackson to 2.19.2 to address CVEs
......................................................................

[NO ISSUE][HYR] Update Jackson to 2.19.2 to address CVEs

- user model changes: yes
- storage format changes: no
- interface changes: no

Adds new common properties to allow users to customize limits intro'd
in Jackson 2.15:

• JSON_MAX_DEPTH - The maximum nesting depth for JSON objects. The depth
  is a count of objects and arrays that have not been closed, { and [
  respectively (default: 1000)

• JSON_MAX_DOC_LENGTH - The maximum length of a JSON document in bytes
  (<=0 is no limit) (default: -1)

• JSON_MAX_TOKEN_COUNT - The maximum number of JSON tokens in a JSON
  object (<=0 is no limit). A token is a single unit of input, such as a
  number, a string, an object start or end, or an array start or end
  (default: -1)

• JSON_MAX_NUMBER_LENGTH - The maximum length of a JSON number in bytes
  (default: 1000)

• JSON_MAX_STRING_LENGTH - The maximum length of a JSON string in bytes
  (default: Integer.MAX_VALUE (2147483647))

• JSON_MAX_NAME_LENGTH - The maximum length of a JSON name in bytes
  (default: 50000)

- update Azure libraries, since they also include Jackson
- update Netty libraries, for CVEs

Ext-ref: MB-68123
Change-Id: Ic0b744711dd5097fbc3bff581f49e6fce857a409
---
M 
hyracks-fullstack/hyracks/hyracks-util/src/main/java/org/apache/hyracks/util/StorageUtil.java
M asterixdb/pom.xml
M 
asterixdb/asterix-common/src/main/java/org/apache/asterix/common/config/AsterixProperties.java
M 
asterixdb/asterix-common/src/main/java/org/apache/asterix/common/api/IPropertiesFactory.java
M 
asterixdb/asterix-app/src/test/java/org/apache/asterix/common/config/ConfigUsageTest.java
M 
asterixdb/asterix-common/src/main/java/org/apache/asterix/common/config/PropertiesFactory.java
M 
hyracks-fullstack/hyracks/hyracks-control/hyracks-control-cc/src/main/java/org/apache/hyracks/control/cc/CCDriver.java
M hyracks-fullstack/pom.xml
M 
hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/config/ConfigManager.java
A 
asterixdb/asterix-common/src/main/java/org/apache/asterix/common/config/JacksonProperties.java
M 
hyracks-fullstack/hyracks/hyracks-util/src/test/java/org/apache/hyracks/util/StorageUnitTest.java
M 
hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/NCConfig.java
12 files changed, 374 insertions(+), 36 deletions(-)


  git pull ssh://asterix-gerrit.ics.uci.edu:29418/asterixdb 
refs/changes/51/20251/8
--
To view, visit https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/20251
To unsubscribe, or for help writing mail filters, visit 
https://asterix-gerrit.ics.uci.edu/settings

Gerrit-Project: asterixdb
Gerrit-Branch: neo
Gerrit-Change-Id: Ic0b744711dd5097fbc3bff581f49e6fce857a409
Gerrit-Change-Number: 20251
Gerrit-PatchSet: 8
Gerrit-Owner: Michael Blow <mb...@apache.org>
Gerrit-Reviewer: Ali Alsuliman <ali.al.solai...@gmail.com>
Gerrit-Reviewer: Anon. E. Moose #1000171
Gerrit-Reviewer: Jenkins <jenk...@fulliautomatix.ics.uci.edu>
Gerrit-Reviewer: Michael Blow <mb...@apache.org>
Gerrit-Attention: Ali Alsuliman <ali.al.solai...@gmail.com>
Gerrit-MessageType: newpatchset

Reply via email to