Posted to commits@brooklyn.apache.org by jc...@apache.org on 2022/10/19 07:45:33 UTC

[brooklyn-server] 01/01: Updated snakeyaml and jackson to patch CVE-2022-25857 and CVE-2022-38749

This is an automated email from the ASF dual-hosted git repository.

jcabrerizo pushed a commit to branch update-snakeyaml-1.31
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git

commit a56a05f1d38a7b3a3062349c5e2b6b6d9a82f896
Author: Juan Cabrerizo <ju...@cabrerizo.es>
AuthorDate: Wed Oct 19 09:45:24 2022 +0200

    Updated snakeyaml and jackson to patch CVE-2022-25857 and CVE-2022-38749
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 306fb6dd73..7d0a6729c0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -130,7 +130,7 @@
         <jakarta.activation.version>1.2.2</jakarta.activation.version>
         <jakarta.mail.version>1.6.5</jakarta.mail.version> <!-- used by karaf -->
         <!-- double-check downstream projects before changing jackson version -->
-        <fasterxml.jackson.version>2.13.3</fasterxml.jackson.version>
+        <fasterxml.jackson.version>2.13.4</fasterxml.jackson.version>
         <cxf.version>3.4.1</cxf.version>
         <httpcomponents.httpclient.version>4.5.13</httpcomponents.httpclient.version> <!-- To match cxf-http-async -->
         <httpcomponents.httpcore.version>4.4.14</httpcomponents.httpcore.version> <!-- To match cxf -->
@@ -138,7 +138,7 @@
         <httpclient.version>4.5.13</httpclient.version> <!-- kept for compatibility in 0.11.0-SNAPSHOT, remove after -->
         <commons-lang3.version>3.12.0</commons-lang3.version>
         <groovy.version>2.4.15</groovy.version> <!-- Version 2.4.7 supported by https://github.com/groovy/groovy-eclipse/wiki/Groovy-Eclipse-2.9.1-Release-Notes; not sure what more recent will be -->
-        <snakeyaml.version>1.30</snakeyaml.version> <!-- 1.30 matches jackson 2.13; 1.27 matches cxf-jackson 3.3.9 -->
+        <snakeyaml.version>1.31</snakeyaml.version> <!-- 1.30 matches jackson 2.13.4; 1.27 matches cxf-jackson 3.3.9 -->
         <snakeyaml.jclouds.version>1.26</snakeyaml.jclouds.version> <!-- jclouds 2.4 imports this -->
         <!-- Next version of swagger requires changes to how path mapping and scanner injection are done. -->
         <swagger.version>1.6.2</swagger.version>
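Review bot: The context line right after the bumped property leaves `snakeyaml.jclouds.version` at 1.26, which predates the 1.31 release that this commit treats as the fix for CVE-2022-25857 and CVE-2022-38749. If that property still puts a snakeyaml 1.26 jar on the classpath of any shipped module, YAML parsed there remains exposed to the same denial-of-service issues. Check the resolved tree with `mvn dependency:tree -Dincludes=org.yaml:snakeyaml`, then either align the jclouds pin or record why it cannot move. The trailing comment on the new `snakeyaml.version` line is also stale: it still reads `1.30 matches jackson 2.13.4` while the value is 1.31, and should presumably say `<!-- 1.31 matches jackson 2.13.4; 1.27 matches cxf-jackson 3.3.9 -->`.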