You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@avro.apache.org by nk...@apache.org on 2019/05/20 09:49:39 UTC
[avro] branch master updated: AVRO-2398 Bump Jackson to 2.9.9 (#523)
This is an automated email from the ASF dual-hosted git repository.
nkollar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/avro.git
The following commit(s) were added to refs/heads/master by this push:
new 4fe2595 AVRO-2398 Bump Jackson to 2.9.9 (#523)
4fe2595 is described below
commit 4fe259547614b68b65989fd7c6cd69eb9fa25544
Author: Fokko Driesprong <fo...@apache.org>
AuthorDate: Mon May 20 11:49:33 2019 +0200
AVRO-2398 Bump Jackson to 2.9.9 (#523)
This fixes CVE-2019-12086 on Databind:
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9
---
lang/java/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lang/java/pom.xml b/lang/java/pom.xml
index 6a87ecf..4390b86 100644
--- a/lang/java/pom.xml
+++ b/lang/java/pom.xml
@@ -40,7 +40,7 @@
<!-- version properties for dependencies -->
<hadoop.version>2.7.3</hadoop.version>
- <jackson.version>2.9.8</jackson.version>
+ <jackson.version>2.9.9</jackson.version>
<servlet-api.version>3.1.0</servlet-api.version>
<jetty.version>9.4.15.v20190215</jetty.version>
<jopt-simple.version>5.0.4</jopt-simple.version>