You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@avro.apache.org by nk...@apache.org on 2019/05/20 09:49:39 UTC

[avro] branch master updated: AVRO-2398 Bump Jackson to 2.9.9 (#523)

This is an automated email from the ASF dual-hosted git repository.

nkollar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/avro.git


The following commit(s) were added to refs/heads/master by this push:
     new 4fe2595  AVRO-2398 Bump Jackson to 2.9.9 (#523)
4fe2595 is described below

commit 4fe259547614b68b65989fd7c6cd69eb9fa25544
Author: Fokko Driesprong <fo...@apache.org>
AuthorDate: Mon May 20 11:49:33 2019 +0200

    AVRO-2398 Bump Jackson to 2.9.9 (#523)
    
    This fixes CVE-2019-12086 on Databind:
    https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9
---
 lang/java/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lang/java/pom.xml b/lang/java/pom.xml
index 6a87ecf..4390b86 100644
--- a/lang/java/pom.xml
+++ b/lang/java/pom.xml
@@ -40,7 +40,7 @@
     <!-- version properties for dependencies -->
 
     <hadoop.version>2.7.3</hadoop.version>
-    <jackson.version>2.9.8</jackson.version>
+    <jackson.version>2.9.9</jackson.version>
     <servlet-api.version>3.1.0</servlet-api.version>
     <jetty.version>9.4.15.v20190215</jetty.version>
     <jopt-simple.version>5.0.4</jopt-simple.version>