This is an automated email from the ASF dual-hosted git repository.
btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
The following commit(s) were added to refs/heads/master by this push:
new caa890d [UPGRADE] Upgrade jackson 2.12.4 -> 2.13.1 (#815)
caa890d is described below
commit caa890d3d04c8c410fe1e85e827b16c38e210a0e
Author: Benoit TELLIER <[email protected]>
AuthorDate: Wed Jan 5 18:11:44 2022 +0700
[UPGRADE] Upgrade jackson 2.12.4 -> 2.13.1 (#815)
Solves
https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698
Denial of Service (DoS)
Affected versions of this package are vulnerable to
Denial of Service (DoS) when using JDK serialization
to serialize and deserialize JsonNode values. It is
possible for the attacker to send a 4-byte length
payload, with a value of Integer.MAX_VALUE, that
will eventually cause large buffer allocation and
out of heap memory.
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 6a26af1..6c07dc0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -614,7 +614,7 @@
<cucumber.version>2.4.0</cucumber.version>
<pax-logging-api.version>1.6.4</pax-logging-api.version>
- <jackson.version>2.12.4</jackson.version>
+ <jackson.version>2.13.1</jackson.version>
<feign.version>11.6</feign.version>
<feign-form.version>3.8.0</feign-form.version>
<jjwt.version>0.11.2</jjwt.version>
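Review bot: The changed `<jackson.version>` line moves from 2.12.4 to 2.13.1, which crosses a minor release line through a single shared property, and nothing in this hunk shows that every Jackson artifact in the build actually follows it. Before merging, confirm that no module pins a Jackson artifact to an explicit version instead of `${jackson.version}`, and that no dependency still pulls a 2.12.x Jackson jar transitively (for example with `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core`). A mixed 2.12/2.13 classpath would leave the vulnerable databind reachable or fail at runtime. It would also help to say in the commit message whether James serializes `JsonNode` values with JDK serialization at all, so readers can judge exposure on releases that still ship 2.12.4.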