Posted to commits@inlong.apache.org by do...@apache.org on 2022/10/20 11:13:15 UTC

[inlong] branch master updated: [INLONG-6236][CVE] Fix the CVE-2022-42003 for jackson-databind (#6237)

This is an automated email from the ASF dual-hosted git repository.

dockerzhang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/inlong.git


The following commit(s) were added to refs/heads/master by this push:
     new 7b40f0b10 [INLONG-6236][CVE] Fix the CVE-2022-42003 for jackson-databind (#6237)
7b40f0b10 is described below

commit 7b40f0b10db7252ecc963e13566d8167675e82dc
Author: Charles Zhang <do...@apache.org>
AuthorDate: Thu Oct 20 19:13:10 2022 +0800

    [INLONG-6236][CVE] Fix the CVE-2022-42003 for jackson-databind (#6237)
---
 licenses/inlong-agent/LICENSE           | 2 +-
 licenses/inlong-audit/LICENSE           | 2 +-
 licenses/inlong-dataproxy/LICENSE       | 2 +-
 licenses/inlong-manager/LICENSE         | 2 +-
 licenses/inlong-sort-connectors/LICENSE | 2 +-
 licenses/inlong-sort-standalone/LICENSE | 2 +-
 licenses/inlong-tubemq-manager/LICENSE  | 2 +-
 pom.xml                                 | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/licenses/inlong-agent/LICENSE b/licenses/inlong-agent/LICENSE
index 9738923c3..67f86c53e 100644
--- a/licenses/inlong-agent/LICENSE
+++ b/licenses/inlong-agent/LICENSE
@@ -395,7 +395,7 @@ The text of each license is the standard Apache 2.0 license.
   com.google.j2objc:j2objc-annotations:1.3 - J2ObjC Annotations (https://github.com/google/j2objc/), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.core:jackson-annotations:2.13.2 - Jackson-annotations (https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.2), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.core:jackson-core:2.13.2 - Jackson-core (https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.2), (The Apache Software License, Version 2.0)
-  com.fasterxml.jackson.core:jackson-databind:2.13.2.2 - jackson-databind (https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.2.2), (The Apache Software License, Version 2.0)
+  com.fasterxml.jackson.core:jackson-databind:2.13.4.2 - jackson-databind (https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.dataformat:jackson-dataformat-csv:2.10.0 - Jackson-dataformat-CSV (https://github.com/FasterXML/jackson-dataformats-text/tree/jackson-dataformats-text-2.10.0), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.10.0 - Jackson datatype: jdk8 (https://github.com/FasterXML/jackson-modules-java8/tree/jackson-modules-java8-2.10.0), (The Apache Software License, Version 2.0)
   jakarta.validation:jakarta.validation-api:2.0.2 - Jakarta Bean Validation API (https://beanvalidation.org), (Apache License 2.0)
diff --git a/licenses/inlong-audit/LICENSE b/licenses/inlong-audit/LICENSE
index 8e9147d14..15c7420c6 100644
--- a/licenses/inlong-audit/LICENSE
+++ b/licenses/inlong-audit/LICENSE
@@ -393,7 +393,7 @@ The text of each license is the standard Apache 2.0 license.
   com.google.j2objc:j2objc-annotations:1.3 - J2ObjC Annotations (https://github.com/google/j2objc/), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.core:jackson-annotations:2.13.2 - Jackson-annotations (https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.2), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.core:jackson-core:2.13.2 - Jackson-core (https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.2), (The Apache Software License, Version 2.0)
-  com.fasterxml.jackson.core:jackson-databind:2.13.2.2 - jackson-databind (https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.2.2), (The Apache Software License, Version 2.0)
+  com.fasterxml.jackson.core:jackson-databind:2.13.4.2 - jackson-databind (https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.8.11 - Jackson dataformat: CBOR (https://github.com/FasterXML/jackson-dataformats-binary/tree/jackson-dataformats-binary-2.8.11/cbor), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.8.11 - Jackson dataformat: Smile (https://github.com/FasterXML/jackson-dataformats-binary/tree/jackson-dataformats-binary-2.8.11/smile), (The Apache Software License, Version 2.0)
   joda-time:joda-time:2.9.9 - Joda-Time (http://www.joda.org/joda-time/), (Apache License, Version 2.0)
diff --git a/licenses/inlong-dataproxy/LICENSE b/licenses/inlong-dataproxy/LICENSE
index 9d1affbc3..941e387b6 100644
--- a/licenses/inlong-dataproxy/LICENSE
+++ b/licenses/inlong-dataproxy/LICENSE
@@ -381,7 +381,7 @@ The text of each license is the standard Apache 2.0 license.
   com.google.j2objc:j2objc-annotations:1.3 - J2ObjC Annotations (https://github.com/google/j2objc/), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.core:jackson-annotations:2.13.2 - Jackson-annotations (https://github.com/FasterXML/jackson-annotations), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.core:jackson-core:2.13.2 - Jackson-core (https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.2), (The Apache Software License, Version 2.0)
-  com.fasterxml.jackson.core:jackson-databind:2.13.2.2 - jackson-databind (https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.2.2), (The Apache Software License, Version 2.0)
+  com.fasterxml.jackson.core:jackson-databind:2.13.4.2 - jackson-databind (https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2), (The Apache Software License, Version 2.0)
   joda-time:joda-time:2.9.9 - Joda-Time (https://www.joda.org/joda-time/), (Apache 2)
   com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava - Guava ListenableFuture only (https://github.com/google/guava/listenablefuture), (The Apache Software License, Version 2.0)
   org.apache.logging.log4j:log4j-slf4j-impl:2.17.2 - Apache Log4j SLF4J Binding (https://logging.apache.org/log4j/2.x/log4j-slf4j-impl/), (Apache License, Version 2.0)
diff --git a/licenses/inlong-manager/LICENSE b/licenses/inlong-manager/LICENSE
index 813c3be53..29ac6db55 100644
--- a/licenses/inlong-manager/LICENSE
+++ b/licenses/inlong-manager/LICENSE
@@ -468,7 +468,7 @@ The text of each license is the standard Apache 2.0 license.
   com.google.j2objc:j2objc-annotations:1.3 - J2ObjC Annotations (https://github.com/google/j2objc/), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.core:jackson-annotations:2.13.2- Jackson-annotations (https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.2), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.core:jackson-core:2.13.2 - Jackson-core (https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.2), (The Apache Software License, Version 2.0)
-  com.fasterxml.jackson.core:jackson-databind:2.13.2.2 - jackson-databind (https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.2.2), (The Apache Software License, Version 2.0)
+  com.fasterxml.jackson.core:jackson-databind:2.13.4.2 - jackson-databind (https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.8.11 - Jackson dataformat: CBOR (https://github.com/FasterXML/jackson-dataformats-binary/tree/jackson-dataformats-binary-2.8.11/cbor), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.8.11 - Jackson dataformat: Smile (https://github.com/FasterXML/jackson-dataformats-binary/tree/jackson-dataformats-binary-2.8.11/smile), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.13.2 - Jackson datatype: jdk8 (https://github.com/FasterXML/jackson-modules-java8/tree/jackson-modules-java8-2.13.2), (The Apache Software License, Version 2.0)
diff --git a/licenses/inlong-sort-connectors/LICENSE b/licenses/inlong-sort-connectors/LICENSE
index 1e8b13780..da5b3bcf4 100644
--- a/licenses/inlong-sort-connectors/LICENSE
+++ b/licenses/inlong-sort-connectors/LICENSE
@@ -729,7 +729,7 @@ The text of each license is the standard Apache 2.0 license.
   com.google.j2objc:j2objc-annotations:1.3 - J2ObjC Annotations (https://github.com/google/j2objc/), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.core:jackson-annotations:2.13.2 - Jackson-annotations (https://github.com/FasterXML/jackson-annotations), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.core:jackson-core:2.13.2 - Jackson-core (https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.2), (The Apache Software License, Version 2.0)
-  com.fasterxml.jackson.core:jackson-databind:2.13.2.2 - jackson-databind (https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.2.2), (The Apache Software License, Version 2.0)
+  com.fasterxml.jackson.core:jackson-databind:2.13.4.2 - jackson-databind (https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.8.11 - Jackson dataformat: CBOR (https://github.com/FasterXML/jackson-dataformats-binary/tree/jackson-dataformats-binary-2.8.11/cbor), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.10.4 - Jackson dataformat: CBOR (https://github.com/FasterXML/jackson-dataformats-binary/tree/jackson-dataformats-binary-2.10.4/cbor), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.8.11 - Jackson dataformat: Smile (https://github.com/FasterXML/jackson-dataformats-binary/tree/jackson-dataformats-binary-2.8.11/smile), (The Apache Software License, Version 2.0)
diff --git a/licenses/inlong-sort-standalone/LICENSE b/licenses/inlong-sort-standalone/LICENSE
index 43bd6c115..0a5cea9bc 100644
--- a/licenses/inlong-sort-standalone/LICENSE
+++ b/licenses/inlong-sort-standalone/LICENSE
@@ -429,7 +429,7 @@ The text of each license is the standard Apache 2.0 license.
   org.schwering:irclib:1.10 - IRC client library (http://moepii.sourceforge.net), (The Apache Software License, Version 2.0), (Apache 2.0 and EPL 1.0 and LGPL 2.1)
   com.fasterxml.jackson.core:jackson-annotations:2.13.2 - Jackson-annotations (https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.2), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.core:jackson-core:2.13.2 - Jackson-core (https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.2), (The Apache Software License, Version 2.0)
-  com.fasterxml.jackson.core:jackson-databind:2.13.2.2 - jackson-databind (https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.2.2), (The Apache Software License, Version 2.0)
+  com.fasterxml.jackson.core:jackson-databind:2.13.4.2 - jackson-databind (https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.8.11 - Jackson dataformat: CBOR (https://github.com/FasterXML/jackson-dataformats-binary/tree/jackson-dataformats-binary-2.8.11/cbor), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.8.11 - Jackson dataformat: Smile (https://github.com/FasterXML/jackson-dataformats-binary/tree/jackson-dataformats-binary-2.8.11/smile), (The Apache Software License, Version 2.0)
   jakarta.validation:jakarta.validation-api:2.0.2 - Jakarta Bean Validation API (https://beanvalidation.org), (Apache License 2.0)
diff --git a/licenses/inlong-tubemq-manager/LICENSE b/licenses/inlong-tubemq-manager/LICENSE
index 9fbef4ea8..211323171 100644
--- a/licenses/inlong-tubemq-manager/LICENSE
+++ b/licenses/inlong-tubemq-manager/LICENSE
@@ -377,7 +377,7 @@ The text of each license is the standard Apache 2.0 license.
   org.apache.httpcomponents:httpcore:4.4.14 - Apache HttpCore (https://hc.apache.org/httpcomponents-core-4.4.x), (Apache License, Version 2.0)
   com.fasterxml.jackson.core:jackson-annotations:2.13.2 - Jackson-annotations (https://github.com/FasterXML/jackson-annotations), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.core:jackson-core:2.13.2 - Jackson-core (https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.2), (The Apache Software License, Version 2.0)
-  com.fasterxml.jackson.core:jackson-databind:2.13.2.2 - jackson-databind (https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.2.2), (The Apache Software License, Version 2.0)
+  com.fasterxml.jackson.core:jackson-databind:2.13.4.2 - jackson-databind (https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.13.2 - Jackson datatype: jdk8 (https://github.com/FasterXML/jackson-modules-java8/tree/jackson-modules-java8-2.13.2), (The Apache Software License, Version 2.0)
   com.fasterxml.jackson.module:jackson-module-parameter-names:2.13.2 - Jackson-module-parameter-names (https://github.com/FasterXML/jackson-modules-java8/tree/jackson-modules-java8-2.13.2/parameter-names), (The Apache Software License, Version 2.0)
   jakarta.validation:jakarta.validation-api:2.0.2 - Jakarta Bean Validation API (https://beanvalidation.org), (Apache License 2.0)
diff --git a/pom.xml b/pom.xml
index 458f9f1ea..1b5686271 100644
--- a/pom.xml
+++ b/pom.xml
@@ -183,7 +183,7 @@
         <javax.servlet.api.version>4.0.1</javax.servlet.api.version>
         <gson.version>2.8.9</gson.version>
         <jackson.version>2.13.2</jackson.version>
-        <jackson.databind.version>2.13.2.2</jackson.databind.version>
+        <jackson.databind.version>2.13.4.2</jackson.databind.version>
         <fastjson.version>1.2.83</fastjson.version>
 
         <clickhouse-jdbc.version>0.3.1</clickhouse-jdbc.version>
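Review bot: `jackson.databind.version` moves to 2.13.4.2 here while `<jackson.version>2.13.2</jackson.version>` on the context line above is left alone, so jackson-core and jackson-annotations stay two patch releases behind the databind they are paired with (the LICENSE hunks show the same 2.13.2 / 2.13.4.2 split). Jackson patch releases within a minor line are meant to interoperate, but it would be cleaner to raise `jackson.version` to 2.13.4 in the same commit or manage the whole family through `jackson-bom`. Because the fix only takes effect where this property actually governs resolution, it is worth confirming with `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core:jackson-databind` that no module or shaded connector still pulls an older databind transitively. A short comment next to the property, e.g. `<!-- pinned separately from jackson.version for CVE-2022-42003 -->`, would keep a later cleanup from folding it back.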