You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zookeeper.apache.org by ar...@apache.org on 2022/03/30 18:57:49 UTC
[zookeeper] branch branch-3.7 updated: ZOOKEEPER-4505: CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1
This is an automated email from the ASF dual-hosted git repository.
arshad pushed a commit to branch branch-3.7
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/branch-3.7 by this push:
new 9054c4b ZOOKEEPER-4505: CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1
9054c4b is described below
commit 9054c4b574946eae2b92b75c362da1df5cf586f2
Author: Edwin Hobor <ed...@gmail.com>
AuthorDate: Thu Mar 31 00:27:23 2022 +0530
ZOOKEEPER-4505: CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1
CVE-2020-36518 vulnerability affects jackson-databind in Zookeeper (see https://github.com/advisories/GHSA-57j2-w4cx-62h2).
Upgrading to jackson-databind version 2.13.2.1 should address this issue.
Author: Edwin Hobor <ed...@gmail.com>
Reviewers: maoling <ma...@apache.org>,Enrico Olivelli <eo...@apache.org>, Mohammad Arshad <ar...@apache.org>
Closes #1842 from edwin092/edwin/ZOOKEEPER-4505
(cherry picked from commit 78bbb123cfcbdd8da9d118f08b49d1d00c43f53d)
Signed-off-by: Mohammad Arshad <ar...@apache.org>
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 3d50c4b..a25a0d5 100755
--- a/pom.xml
+++ b/pom.xml
@@ -440,7 +440,7 @@
<netty.version>4.1.73.Final</netty.version>
<netty.tcnative.version>2.0.48.Final</netty.tcnative.version>
<jetty.version>9.4.43.v20210629</jetty.version>
- <jackson.version>2.13.1</jackson.version>
+ <jackson.version>2.13.2.1</jackson.version>
<jline.version>2.14.6</jline.version>
<snappy.version>1.1.7.7</snappy.version>
<kerby.version>2.0.0</kerby.version>