You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@brooklyn.apache.org by jc...@apache.org on 2022/10/19 07:45:32 UTC

[brooklyn-server] branch update-snakeyaml-1.31 created (now a56a05f1d3)

This is an automated email from the ASF dual-hosted git repository.

jcabrerizo pushed a change to branch update-snakeyaml-1.31
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git


      at a56a05f1d3 Updated snakeyaml and jackson to patch CVE-2022-25857 and CVE-2022-38749

This branch includes the following new commits:

     new a56a05f1d3 Updated snakeyaml and jackson to patch CVE-2022-25857 and CVE-2022-38749

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[brooklyn-server] 01/01: Updated snakeyaml and jackson to patch CVE-2022-25857 and CVE-2022-38749

Posted by jc...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

jcabrerizo pushed a commit to branch update-snakeyaml-1.31
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git

commit a56a05f1d38a7b3a3062349c5e2b6b6d9a82f896
Author: Juan Cabrerizo <ju...@cabrerizo.es>
AuthorDate: Wed Oct 19 09:45:24 2022 +0200

    Updated snakeyaml and jackson to patch CVE-2022-25857 and CVE-2022-38749
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 306fb6dd73..7d0a6729c0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -130,7 +130,7 @@
         <jakarta.activation.version>1.2.2</jakarta.activation.version>
         <jakarta.mail.version>1.6.5</jakarta.mail.version> <!-- used by karaf -->
         <!-- double-check downstream projects before changing jackson version -->
-        <fasterxml.jackson.version>2.13.3</fasterxml.jackson.version>
+        <fasterxml.jackson.version>2.13.4</fasterxml.jackson.version>
         <cxf.version>3.4.1</cxf.version>
         <httpcomponents.httpclient.version>4.5.13</httpcomponents.httpclient.version> <!-- To match cxf-http-async -->
         <httpcomponents.httpcore.version>4.4.14</httpcomponents.httpcore.version> <!-- To match cxf -->
@@ -138,7 +138,7 @@
         <httpclient.version>4.5.13</httpclient.version> <!-- kept for compatibility in 0.11.0-SNAPSHOT, remove after -->
         <commons-lang3.version>3.12.0</commons-lang3.version>
         <groovy.version>2.4.15</groovy.version> <!-- Version 2.4.7 supported by https://github.com/groovy/groovy-eclipse/wiki/Groovy-Eclipse-2.9.1-Release-Notes; not sure what more recent will be -->
-        <snakeyaml.version>1.30</snakeyaml.version> <!-- 1.30 matches jackson 2.13; 1.27 matches cxf-jackson 3.3.9 -->
+        <snakeyaml.version>1.31</snakeyaml.version> <!-- 1.30 matches jackson 2.13.4; 1.27 matches cxf-jackson 3.3.9 -->
         <snakeyaml.jclouds.version>1.26</snakeyaml.jclouds.version> <!-- jclouds 2.4 imports this -->
         <!-- Next version of swagger requires changes to how path mapping and scanner injection are done. -->
         <swagger.version>1.6.2</swagger.version>