(incubator-seata) branch 2.x updated: security: upgrade jackson version (#6338)

[xingfudeshi]

This is an automated email from the ASF dual-hosted git repository.

xingfudeshi pushed a commit to branch 2.x
in repository https://gitbox.apache.org/repos/asf/incubator-seata.git


The following commit(s) were added to refs/heads/2.x by this push:
     new bfe6983bda security: upgrade jackson version (#6338)
bfe6983bda is described below

commit bfe6983bdaa7ed9995304f40b99e80d5f1665974
Author: jimin <sliev...@163.com>
AuthorDate: Wed Feb 12 14:09:38 2025 +0800

    security: upgrade jackson version (#6338)
---
 all/pom.xml          | 10 ++++++++++
 changes/en-us/2.x.md |  6 +++++-
 changes/zh-cn/2.x.md |  6 +++++-
 dependencies/pom.xml | 16 ++++++++++++++++
 4 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/all/pom.xml b/all/pom.xml
index 867ec15c55..cef3c32c42 100644
--- a/all/pom.xml
+++ b/all/pom.xml
@@ -596,6 +596,16 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
+        <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-core</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-annotations</artifactId>
             <scope>provided</scope>
         </dependency>
         <dependency>
diff --git a/changes/en-us/2.x.md b/changes/en-us/2.x.md
index ec5028808d..05922a8428 100644
--- a/changes/en-us/2.x.md
+++ b/changes/en-us/2.x.md
@@ -37,8 +37,12 @@ Add changes here for all PR submitted to the 2.x branch.
 
 
 ### security:
+- [[#6069](https://github.com/apache/incubator-seata/pull/6069)] Upgrade Guava 
dependencies to fix security vulnerabilities
+- [[#6145](https://github.com/apache/incubator-seata/pull/6145)] upgrade 
jettison to 1.5.4
+- [[#6144](https://github.com/apache/incubator-seata/pull/6144)] upgrade nacos 
client to 1.4.6
+- [[#6147](https://github.com/apache/incubator-seata/pull/6147)] upgrade 
kafka-clients to 3.6.1
+- [[#6338](https://github.com/apache/incubator-seata/pull/6338)] upgrade 
jackson version
 
-- [[#PR_NO](https://github.com/apache/incubator-seata/pull/PR_NO)] upgrade XXX
 
 ### test:
 
diff --git a/changes/zh-cn/2.x.md b/changes/zh-cn/2.x.md
index fcd62bc04a..b329fb81d5 100644
--- a/changes/zh-cn/2.x.md
+++ b/changes/zh-cn/2.x.md
@@ -37,8 +37,12 @@
 
 
 ### security:
+- [[#6069](https://github.com/apache/incubator-seata/pull/6069)] 
升级Guava依赖版本，修复安全漏洞
+- [[#6144](https://github.com/apache/incubator-seata/pull/6144)] 
升级Nacos依赖版本至1.4.6
+- [[#6145](https://github.com/apache/incubator-seata/pull/6145)] 升级 
jettison依赖版本至1.5.4
+- [[#6147](https://github.com/apache/incubator-seata/pull/6147)] 升级 
kafka-clients依赖至3.6.1
+- [[#6338](https://github.com/apache/incubator-seata/pull/6338)] 升级 jackson 
依赖版本
 
-- [[#PR_NO](https://github.com/apache/incubator-seata/pull/PR_NO)] 升级XXX
 
 ### test:
 
diff --git a/dependencies/pom.xml b/dependencies/pom.xml
index f6475d8f8a..d5483d88cf 100644
--- a/dependencies/pom.xml
+++ b/dependencies/pom.xml
@@ -85,6 +85,7 @@
         <fastjson2.version>2.0.52</fastjson2.version>
         <groovy.version>2.4.4</groovy.version>
         <zstd.version>1.5.0-4</zstd.version>
+        <jackson.version>2.16.0</jackson.version>
         <xstream.version>1.4.21</xstream.version>
         <checker-qual.version>3.37.0</checker-qual.version>
         
<error_prone_annotations.version>2.21.1</error_prone_annotations.version>
@@ -883,6 +884,21 @@
                 <artifactId>fury-core</artifactId>
                 <version>${fury.version}</version>
             </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-databind</artifactId>
+                <version>${jackson.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-core</artifactId>
+                <version>${jackson.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-annotations</artifactId>
+                <version>${jackson.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 </project>


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@seata.apache.org
For additional commands, e-mail: notifications-h...@seata.apache.org